Google has launched a brand new Chrome 148 safety replace that patches 79 vulnerabilities, together with 14 categorised as critical-severity flaws. The replace addresses a number of harmful reminiscence corruption and use-after-free bugs affecting core browser parts.
In keeping with Google, the vulnerabilities impression a number of browser parts and will probably enable attackers to execute arbitrary code, crash methods, bypass safety protections, or compromise delicate info by way of specifically crafted web sites or malicious internet content material. Most of the patched flaws contain use-after-free bugs, a class of reminiscence administration vulnerability generally exploited by cybercriminals and superior risk actors.
Earlier this month, Google additionally rolled out a broader Chrome 148 stable-channel launch that mounted 127 safety points, together with three important vulnerabilities. Among the many most severe flaws had been an integer overflow vulnerability in Blink and two important use-after-free bugs affecting Cellular and Chromoting parts. Safety researchers acquired bug bounty payouts exceeding $138,000 for reporting a number of of the problems.
Safety consultants warn that browsers stay probably the most closely focused assault surfaces as a result of they straight course of untrusted internet content material, JavaScript, media recordsdata, and browser extensions. Vulnerabilities in browser engines resembling Blink, V8, WebRTC, SVG, and GPU rendering methods can usually be exploited remotely just by convincing customers to open malicious webpages.
The most recent Chrome replace follows a collection of latest browser-related safety considerations, together with the disclosure of vulnerabilities affecting AI-powered Chrome extensions resembling Anthropic’s Claude extension. Researchers have more and more warned that browser ecosystems, extensions, and developer tooling have gotten high-value targets for attackers due to their deep integration with enterprise workflows and cloud companies.
Google has suggested customers and organizations to replace Chrome instantly to the most recent obtainable model throughout Home windows, macOS, Linux, Android, and ChromeOS units. The browser usually updates routinely, however customers can manually set off the replace by navigating to Settings → Assist → About Google Chrome.
Cybersecurity analysts proceed emphasizing that well timed browser patching is important for enterprise and private safety. Fashionable browser exploits are continuously chained with phishing assaults, malicious commercials, compromised web sites, and extension-based assaults to realize broader system entry or steal credentials and delicate info.
