Overview
- Chrome 148, which began rolling out Friday, is shipping as 148.0.7778.167/168 on Windows and macOS and 148.0.7778.167 on Linux, with matching Android and iOS builds.
- The release fixes 79 security bugs, including 14 critical tracked as CVE-2026-8509 through CVE-2026-8522 that span components such as WebML, Skia, UI, and Payments.
- Google reports no known in-the-wild attacks but urges users to update by opening Help → About Google Chrome and then restarting to turn on the protections.
- Use-after-free memory bugs dominate the list, including eight of the critical issues, because freed memory can be accessed again and that can let an attacker run code.
- Google says it found 59 of the flaws in-house and external researchers reported 20, with disclosed rewards up to $43,000, and it is holding back technical details until most users install the fix.