Chrome safety replace addresses 22 essential severity flaws

Google has launched a significant Chrome safety replace that fixes 151 vulnerabilities within the browser, together with 22 critical-severity flaws.

Whereas no actively exploited zero-days had been disclosed, the unusually massive variety of vulnerabilities and the predominance of internally found bugs counsel that automated and AI-assisted safety auditing could also be enjoying an more and more vital position in vulnerability discovery.

The replace brings Chrome to model 148.0.7778.216/.217 for Home windows, 148.0.7778.215/.216 for macOS, and 148.0.7778.215 for Linux. The rollout started on Might 27 and can proceed over the approaching days and weeks.

In keeping with Google’s security advisory, the discharge comprises 151 safety fixes. A number of of probably the most extreme vulnerabilities have an effect on elements that course of untrusted net content material and graphics information, areas which have traditionally been engaging targets for browser exploit builders.

Among the many externally reported vulnerabilities, Google highlighted 4 essential flaws carrying bug bounty rewards between $5,000 and $43,000 every:

• CVE-2026-9872 – Out-of-bounds write in GPU
• CVE-2026-9873 – Use-after-free in Community
• CVE-2026-9874 – Use-after-free in Daybreak
• CVE-2026-9875 – Out-of-bounds learn in WebGL

The primary two flaws had been reported by researcher Cinzinga, who obtained rewards totaling $86,000 for the discoveries.

In complete, the discharge fixes 22 essential vulnerabilities, many involving reminiscence corruption bugs comparable to use-after-free situations, out-of-bounds reads and writes, integer overflows, and inadequate validation of untrusted enter. Vital points had been discovered throughout a broad vary of Chrome elements, together with:

• GPU
• Community
• Daybreak (WebGPU implementation)
• WebGL
• ANGLE graphics translation layer
• Bluetooth
• Browser core
• UI
• Proxy
• WebView
• XR/WebXR
• Extensions
• Skia graphics library

The replace additionally addresses greater than 90 high-severity vulnerabilities affecting elements comparable to V8, DOM, Accessibility, Website Isolation, WebRTC, PDFium, WebCodecs, Media, Password Supervisor, WebAudio, SVG, Enter dealing with, and quite a few graphics-related subsystems.

Of the 151 fixes, the overwhelming majority originated from Google’s personal safety efforts moderately than unbiased researchers. Comparable patterns have appeared in current Chrome releases, together with the Might 7 replace that patched 127 flaws. Though Google has not publicly acknowledged that AI instruments had been concerned in discovering these vulnerabilities, the development mirrors developments within the browser business.

The character of many Chrome vulnerabilities additionally aligns with the kinds of memory-safety defects that trendy AI-assisted auditing techniques and superior fuzzing frameworks are more and more efficient at uncovering.

As is commonplace observe, technical particulars and proof-of-concept info for lots of the bugs stay restricted till a majority of Chrome customers have put in the updates.

Customers ought to replace Chrome as quickly as potential by navigating to Settings → Assist → About Google Chrome, which can mechanically verify for and obtain the newest model. A browser restart is required to finish the set up of the safety fixes.