Google's latest Chrome 148 update (versions 148.0.7778.167/168 for Windows/macOS, 148.0.7778.167 for Linux) addresses a whopping 79 security vulnerabilities. Among them, 14 are rated critical, and none have been exploited in the wild yet. This Q&A breaks down the key details, from the types of flaws to how you can stay protected.
What vulnerabilities were patched in Chrome 148, and how many are critical?
Chrome 148 fixes 79 security issues across desktop, Android, and iOS. Fourteen of these are classified as critical (CVE-2026-8509 to CVE-2026-8522), 37 as high risk, and the rest as medium. The critical vulnerabilities include eight use-after-free (UAF) bugs—a dangerous type where the browser tries to access memory that has already been freed. These flaws could allow attackers to execute arbitrary code or crash the browser. Google has not reported any active exploits for these vulnerabilities, but given their severity, updating is strongly recommended.
Why are use-after-free vulnerabilities so dangerous?
UAF vulnerabilities are a common problem in memory-unsafe languages like C and C++. When a program frees a block of memory but later attempts to use it, an attacker can potentially overwrite that memory with malicious data, leading to code execution. In Chrome 148, 24 UAF flaws were fixed, with 8 of them ranked critical. These are especially risky in web browsers because they can be triggered by visiting a crafted website. Google is increasingly relying on memory-safe languages like Rust to reduce such bugs, though legacy code remains a challenge. Users should update immediately to avoid potential exploits that could bypass security sandboxes.
Who discovered these vulnerabilities—Google or external researchers?
Of the 79 vulnerabilities, Google’s internal teams found 59, while external security researchers reported 20. Google awarded these researchers a total of $112,000 in bug bounties. The high number of internally found flaws suggests that Google has ramped up its use of AI-powered vulnerability detection tools, which can automatically scan code for memory corruption and other common bugs. This proactive approach helps catch issues before they are exploited. For external researchers, the bug bounty program continues to be a significant incentive to report flaws responsibly.
Which platforms received the Chrome 148 security update?
The update is available for Windows (versions 148.0.7778.167/168), macOS (148.0.7778.167/168), and Linux (148.0.7778.167). Additionally, Google released Chrome for Android 148.0.7778.167 and Chrome for iOS 148.0.7778.166, both of which include the same security fixes as the desktop versions. An Extended Stable Channel for Windows and macOS now runs Chromium version 148.0.7778.168. All users across these platforms are urged to install the update as soon as possible.
How do I update Chrome to the latest version?
By default, Chrome updates automatically when a new version is available. To manually check for updates, open the browser, click the three-dot menu (top right), go to Help > About Google Chrome. The page will automatically check for updates and begin downloading. Once downloaded, you’ll need to relaunch the browser to complete the installation. You can verify your current version in the same menu. If the automatic update hasn’t triggered yet, this manual check ensures you get the patch immediately.
What role did AI play in finding these vulnerabilities?
According to Google, AI models specializing in vulnerability detection likely contributed to the sharp increase in the number of flaws found. The fact that Google discovered 59 of the 79 bugs internally suggests automated fuzzing and code analysis tools are becoming more effective. These AI approaches can test millions of code paths and spot patterns that human reviewers might miss. This trend is likely to continue, with memory-safe languages like Rust also being adopted to reduce the attack surface. For users, this means future updates may patch even more vulnerabilities before they are exploited.
What is the next Chrome version and when will it arrive?
Google is already working on Chrome version 149, which is expected to be released in early June. While no specific details about its security fixes are available yet, it will likely continue the trend of addressing numerous vulnerabilities. Meanwhile, users should consider not only keeping Chrome updated but also using antivirus software and VPN services for an extra layer of protection. Regular updates and good security habits remain the best defense against zero-day and other emerging threats.