Google Chrome: Update to version 148 patches 127 security vulnerabilities
On Wednesday night, Google pushed the Chrome web browser to version branch 148. It closes 127 security vulnerabilities.
With its weekly update on Wednesday night, Google has brought the Chrome web browser to the 148 version branch. The version announcement was initially empty; it is now clear that the developers have patched 127 security vulnerabilities.
In the version announcement, the Chrome programmers briefly mention, as usual, which vulnerabilities have been reported by external IT researchers. Three reach the risk classification “critical,” and for one of them, the bounty for the reporter is also clear: they will receive $43,000 for it. This is an integer overflow in the rendering engine Blink (CVE-2026-7896, CVSS according to CISA 8.8, risk according to Google “critical”). On iOS, the developers have addressed a use-after-free vulnerability (CVE-2026-7897, CVSS according to CISA 7.5, risk according to Google “critical”). The built-in remote desktop tool Chromoting also has a use-after-free vulnerability (CVE-2026-7898, CVSS according to CISA 8.8, risk according to Google “critical”).
In a use-after-free vulnerability, program code accesses resources that have already been freed. Their contents are therefore undefined; attackers can often exploit such vulnerabilities to inject and execute malicious code. For web browsers, displaying carefully crafted web pages is usually sufficient for this. Another 31 security vulnerabilities are classified as risk “high,” 66 as “medium” threat level, and 27 as “low” risk level.
The security vulnerabilities are patched in Chrome versions 148.0.7778.120 for Android, 148.0.7778.96 for Linux, and 148.0.7778.96/97 for macOS and Windows. Anyone using Chrome should quickly ensure that their web browser is up to date. So far, none of the vulnerabilities appear to be exploited; at least, Google does not mention any exploitation.
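For administrators checking more than one machine, the following added example (not from Google or the article) compares reported Chrome versions against the fixed builds named above. The inventory rows and the function names are constructed for illustration, and the lower of the two macOS/Windows builds is assumed as the minimum.

```python
import re

# Fixed builds as stated in the article. macOS and Windows ship as .96/.97;
# the lower build is used as the minimum here (assumption).
FIXED = {
    "android": (148, 0, 7778, 120),
    "linux": (148, 0, 7778, 96),
    "macos": (148, 0, 7778, 96),
    "windows": (148, 0, 7778, 96),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(platform, reported):
    """Return 'patched', 'outdated' or 'unknown' for one inventory entry."""
    minimum = FIXED.get(platform.lower())
    version = parse_version(reported)
    if minimum is None or version is None:
        return "unknown"
    # Tuples compare numerically, component by component. Comparing the raw
    # strings would wrongly rank "148.0.7778.120" below "148.0.7778.96".
    return "patched" if version >= minimum else "outdated"


def audit(rows):
    """Map each host to its patch status."""
    return {host: status(platform, reported) for host, platform, reported in rows}


# Constructed inventory rows: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 148.0.7778.97"),
    ("ws-02", "linux", "Google Chrome 148.0.7778.96 "),
    ("ph-01", "android", "148.0.7778.96"),    # below the Android build .120
    ("ph-02", "android", "148.0.7778.120"),
    ("ws-03", "macos", "Google Chrome 147.0.0.0"),  # constructed older build
    ("ws-04", "windows", "not installed"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

The minimums apply to Google Chrome only; other Chromium-based browsers carry their own vendor version numbers.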
Install Update
The updates can be applied via the version dialog. To open it, click the browser menu, which is hidden behind the icon with the three stacked dots, then select “Help” and then “About Google Chrome.” The dialog shows the currently running software version and starts the update installation if one is available. On Linux, the distribution's software manager is usually used for this. The new versions are typically available with a slight delay in the mobile phone app stores.
Since the security vulnerabilities affect the Chromium base, users of web browsers based on it, such as Microsoft Edge, should also check if an update is now available for their browsers.
The Chrome update from last week already fixed 30 vulnerabilities. The AI vulnerability search appears to be very successful and is giving the developers a lot of work. In the end, however, this means that the software becomes significantly more secure.
(dmk)