By rssfeeds-admin The update is now rolling out globally as version 148.0.7778.167/168 for Windows and Mac, and 148.0.7778.167 for Linux users.
This latest release highlights the ongoing security risks within widely used browser components such as WebML, Skia, Blink, GPU, and Media.
Since browsers process untrusted web content daily, even a single flaw can become a powerful entry point for attackers.
79 Chrome Vulnerabilities
Among the patched issues, the most severe include CVE-2026-8509, a heap buffer overflow in WebML, and CVE-2026-8510, an integer overflow in the Skia graphics engine.
Both vulnerabilities could allow remote attackers to execute arbitrary code using specially crafted web pages.
Several critical bugs stem from memory safety issues like use-after-free, where memory is accessed after being released.
These were identified across key components, including UI, FileSystem, Input, Aura, HID, Blink, Downloads, and Tab Groups.
Such flaws are frequently exploited in real-world attacks because they can lead to full browser compromise.
Google also fixed validation and lifecycle issues in DataTransfer and WebShare, along with a race condition in the Payments module.
These weaknesses could enable attackers to manipulate browser behavior or bypass security protections.
In addition to critical flaws, dozens of high-severity vulnerabilities were addressed. These include memory corruption bugs in WebAudio, WebRTC, GPU, Codecs, and Fonts, as well as type confusion issues in the V8 JavaScript engine and ANGLE.
Notably, CVE-2026-8539 involves a script-injection flaw in the Sanitizer API, while CVE-2026-8540 is a type confusion issue in V8.
Attackers often chain such vulnerabilities together, for example, combining a type confusion bug with a memory corruption flaw, to achieve reliable exploitation.
Other issues were caused by insufficient validation of untrusted input in components like Downloads, GPU, Reading Mode, and Site Isolation, potentially allowing security bypass or malicious data injection.
Google also resolved multiple medium-severity issues related to policy enforcement weaknesses, UI inconsistencies, and side-channel leaks across modules such as Payments, WebXR, Navigation, and AI-related features. While less severe individually, these can still play a role in multi-stage attacks.
Although no active exploitation has been confirmed, the large number of memory-related vulnerabilities increases the likelihood of future attacks.
Google credited both internal teams and external researchers, with bug bounty rewards reaching up to $43,000.
CVEs Patched
| CVE ID | Vulnerability | Component | Severity |
|---|---|---|---|
| CVE-2026-8509 | Heap buffer overflow | WebML | Critical |
| CVE-2026-8510 | Integer overflow | Skia | Critical |
| CVE-2026-8511 | Use-after-free | UI | Critical |
| CVE-2026-8512 | Use-after-free | FileSystem | Critical |
| CVE-2026-8513 | Use-after-free | Input | Critical |
| CVE-2026-8514 | Use-after-free | Aura | Critical |
| CVE-2026-8515 | Use-after-free | HID | Critical |
| CVE-2026-8516 | Insufficient validation | DataTransfer | Critical |
| CVE-2026-8517 | Object lifecycle issue | WebShare | Critical |
| CVE-2026-8518 | Use-after-free | Blink | Critical |
| CVE-2026-8519 | Integer overflow | ANGLE | Critical |
| CVE-2026-8520 | Race condition | Payments | Critical |
| CVE-2026-8521 | Use-after-free | Tab Groups | Critical |
| CVE-2026-8522 | Use-after-free | Downloads | Critical |
| CVE-2026-8523 – CVE-2026-8559 | Multiple issues (memory corruption, type confusion, validation flaws) | Multiple Components | High |
| CVE-2026-8560 – CVE-2026-8587 | Policy, UI, and side-channel issues | Multiple Components | Medium |
Users are strongly advised to update Chrome immediately via Settings → About Chrome. For example, an attacker could craft a malicious webpage exploiting a use-after-free flaw to silently take control of a system, making timely patching critical for both individuals and organizations.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google
The post 79 Chrome Vulnerabilities Patched, Including 14 Critical Flaws – Update Now appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.