Chrome’s Security Overhaul: 127 Fixes and $100k+ in Bounties Power the New Chrome 148 Stable Release
Ddos 
The Google Chrome team has officially promoted Chrome 148 to the stable channel for Windows, Mac, and Linux users. This massive update—version 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac—isn’t just a routine performance boost; it is a critical security overhaul featuring 127 security fixes.
Google plans to roll out the update over the coming days and weeks. As per standard protocol, technical details for many of these bugs remain restricted to prevent exploitation until a majority of the user base has successfully updated.
The headline of this release is a trio of Critical vulnerabilities, the highest severity rating assigned to security flaws. Leading the pack is CVE-2026-7896, an integer overflow bug in the Blink rendering engine. The researcher who reported this flaw on March 18, 2026, was awarded a staggering $43,000 bounty for their discovery.
The other two critical flaws were discovered internally by Google’s security teams:
- CVE-2026-7897: A Use after free (UAF) vulnerability in Mobile.
- CVE-2026-7898: A Use after free vulnerability in Chromoting (Chrome Remote Desktop).
The update addresses a significant number of High-severity bugs, many targeting the V8 JavaScript engine and ANGLE (the graphics abstraction layer). Notable external contributions include:
- V8 Engine: Researcher pjwhatforlunch from Project WhatForLunch earned $55,000 for identifying CVE-2026-7899, an out-of-bounds read and write vulnerability. Additionally, JunYoung Park of the KAIST Hacking Lab earned $8,000 for CVE-2026-7902, another memory access issue in V8.
- Graphics (ANGLE): Two separate UAF and buffer overflow bugs (CVE-2026-7900 and CVE-2026-7901) were patched in the ANGLE component, netting researchers $16,000 each.
The release also cleans up persistent Use after free issues across various sub-systems, including SVG, DOM, Fullscreen, and ServiceWorkers.
Beyond the critical and high-severity fixes, Chrome 148 addresses dozens of Medium and Low severity vulnerabilities. These range from inappropriate implementations in the SanitizerAPI and Speech modules to insufficient policy enforcement in DevTools and Downloads.
To verify if you are running the latest version, navigate to Settings > About Chrome. If an update is available, Chrome will download it automatically and prompt you to relaunch.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
