Overview
- Chrome 148 is now rolling out on Windows, macOS, and Linux as versions 148.0.7778.96/97, with corresponding Android and iOS releases.
- The release closes 127 vulnerabilities, including three critical issues: an integer overflow in the Blink page renderer (CVE-2026-7896) and use-after-free bugs in Mobile and Chromoting, Chrome’s Remote Desktop component (CVE-2026-7897, CVE-2026-7898).
- Google lists 31 high-severity flaws, 66 medium, and the rest low, spanning key parts of the browser such as the V8 JavaScript engine, ANGLE graphics layer, Skia, WebRTC, ServiceWorker, and more.
- Google says it discovered 100 of the issues internally and has paid external researchers $138,000 so far, including $43,000 for the Blink report and $55,000 to Project WhatForLunch for a V8 out-of-bounds bug.
- No exploits are currently known in the wild, and users can trigger the install right away by going to Help → About Google Chrome to download the update without waiting.