Google has released Chrome 148 to the stable channel, addressing 127 security vulnerabilities, including three critical issues. The update targets a critical integer overflow vulnerability in the Blink component, identified as CVE-2026-7896, which could be exploited by remote attackers through specially crafted HTML pages. Google awarded a $43,000 bug bounty for this discovery. Additionally, two critical use-after-free vulnerabilities tracked as CVE-2026-7897 and CVE-2026-7898 have been resolved, impacting the Mobile and Chromoting components.
The latest update also patches over 30 high-severity vulnerabilities, mostly use-after-free bugs affecting various components such as ANGLE, SVG, and WebRTC. Noteworthy among these is an out-of-bounds read and write issue in the V8 JavaScript engine, for which a $55,000 bug bounty was awarded. Other high-severity flaws include heap buffer overflows, insufficient validation, and out-of-bounds memory access.
More than 60 medium-severity issues and several low-severity vulnerabilities were also addressed. Google has paid $138,000 in bug bounties to external researchers, though the total could rise as more rewards are finalized. Chrome 148 is available as version 148.0.7778.96 for Linux and versions 148.0.7778.96/97 for Windows and macOS.


