Google has released a critical security update for its Chrome browser, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems.
The update, now rolling out to users globally, upgrades Chrome to version 148.0.7778.178/179 for Windows and macOS, and 148.0.7778.178 for Linux.
According to the official Chrome Releases blog, the latest update fixes 16 security vulnerabilities, including several high-severity and critical flaws.
Google Chrome Security Flaws
Two of the most concerning issues, CVE-2026-9111 and CVE-2026-9110, were rated critical and could be exploited for remote code execution (RCE).
The most severe flaw, CVE-2026-9111, is a use-after-free vulnerability in WebRTC, a component responsible for real-time communication in browsers.
Use-after-free issues occur when memory is improperly handled, allowing attackers to execute malicious code by manipulating freed memory.
Another critical vulnerability, CVE-2026-9110, involves an inappropriate implementation in the browser's user interface (UI). While technical details remain limited, such flaws can often be chained with other bugs to bypass security protections.
These vulnerabilities are particularly dangerous because they can be triggered remotely, simply by convincing a user to visit a malicious website or interact with crafted web content.
Multiple High-Severity Bugs Identified
In addition to the critical issues, Google patched several high-severity vulnerabilities affecting key browser components:
- CVE-2026-9112: Use-after-free in GPU
- CVE-2026-9113: Out-of-bounds read in GPU
- CVE-2026-9114: Use-after-free in QUIC protocol
- CVE-2026-9115 & CVE-2026-9116: Policy enforcement issues in Service Workers
- CVE-2026-9117: Type confusion in graphics (GFX)
- CVE-2026-9119 & CVE-2026-9120: Memory corruption issues in WebRTC
These flaws could lead to memory corruption, data leakage, or sandbox escape, depending on exploitation scenarios. Notably, GPU and WebRTC components remain frequent targets due to their complexity and exposure to untrusted input.
The update also resolves several medium-severity vulnerabilities, including heap buffer overflows, out-of-bounds reads, and insufficient input validation. While less severe individually, these bugs can still be leveraged in multi-stage attacks.
For example, CVE-2026-9124 highlights insufficient validation of untrusted input, a common root cause in browser exploitation chains.
Google credited both internal teams and external researchers for discovering these vulnerabilities. Bug bounty rewards reached up to $11,000 for high-severity findings, demonstrating continued community involvement in improving browser security.
The company also noted that many vulnerabilities were detected using advanced fuzzing and memory safety tools, including AddressSanitizer, libFuzzer, and Control Flow Integrity (CFI).
Mitigation and User Recommendations
Users are strongly advised to update Chrome immediately to the latest version to mitigate potential risks. Updates are being rolled out gradually, but users can manually check for updates via:
Settings → About Chrome → Check for updates.
Security experts emphasize that delaying browser updates increases exposure to active exploitation, especially when vulnerability details become public after patch adoption.
Organizations should ensure timely patch management across endpoints and monitor for unusual browser activity that may indicate exploitation attempts.
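For the endpoint patch-management step, the following added example (not code from Google or from the original article) audits a software inventory against the fixed build named above. It assumes 148.0.7778.178 is the minimum fixed build on every platform and that the inventory is a list of (host, platform, version) rows; the sample rows are constructed.

```python
# Added example: flag endpoints whose Chrome build predates the fixed release.
# The fixed build comes from the article; the inventory rows are constructed.

FIXED_BUILD = {
    "windows": "148.0.7778.178",
    "macos": "148.0.7778.178",
    "linux": "148.0.7778.178",
}

def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory):
    """Return (host, reason) for every endpoint that still needs attention."""
    findings = []
    for host, platform, version in inventory:
        fixed = FIXED_BUILD.get(platform.lower())
        installed = parse_version(version)
        if fixed is None:
            findings.append((host, f"unknown platform {platform!r}"))
        elif installed is None:
            # Fail closed: an unreadable version is treated as unpatched.
            findings.append((host, f"unparseable version {version!r}"))
        elif installed < parse_version(fixed):
            # Tuple comparison is numeric per field; comparing the raw strings
            # would wrongly rank '...7778.99' above '...7778.178'.
            findings.append((host, f"{version} is older than {fixed}"))
    return findings

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "148.0.7778.179"),
    ("ws-002", "Windows", "148.0.7778.99"),
    ("mac-001", "macOS", "147.0.7700.120"),
    ("lnx-001", "Linux", "148.0.7778.178"),
    ("lnx-002", "Linux", "unknown"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
```
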
This Chrome update highlights the ongoing risk posed by memory safety vulnerabilities in modern browsers. With multiple critical and high-severity flaws that can enable remote code execution, prompt patching remains essential for both individual users and enterprises.