Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now!

Google has released an urgent security update for Chrome, addressing 16 vulnerabilities including two rated Critical that could allow attackers to execute arbitrary code on affected systems.

The Stable channel has been updated to 148.0.7778.178/179 for Windows and Mac, and 148.0.7778.178 for Linux, with the rollout expected to complete over the coming days.

Critical Chrome Vulnerabilities Patched

The two most severe flaws both carry a Critical severity rating and were reported internally by Google on April 20, 2026:

  • CVE-2026-9111 — A Use-After-Free vulnerability in WebRTC, which could be exploited to corrupt memory and achieve remote code execution through a maliciously crafted web page.
  • CVE-2026-9110 — An Inappropriate Implementation flaw in the UI layer, which could allow attackers to bypass security restrictions or spoof browser interface elements.

Use-after-free bugs are particularly dangerous because they allow threat actors to manipulate freed memory regions, often leading to full system compromise when successfully chained with other exploits.

High-Severity Vulnerabilities Patched

Beyond the critical bugs, Google patched nine High-severity flaws spanning multiple components:

CVE              Type                              Component        Bounty
CVE-2026-9112    Use-After-Free                    GPU              $11,000
CVE-2026-9113    Out-of-Bounds Read                GPU              $3,000
CVE-2026-9114    Use-After-Free                    QUIC             N/A
CVE-2026-9115    Insufficient Policy Enforcement   Service Worker   N/A
CVE-2026-9116    Insufficient Policy Enforcement   ServiceWorker    N/A
CVE-2026-9117    Type Confusion                    GFX              N/A
CVE-2026-9118    Use-After-Free                    XR               N/A
CVE-2026-9119    Heap Buffer Overflow              WebRTC           N/A
CVE-2026-9120    Use-After-Free                    WebRTC           N/A

CVE-2026-9112 and CVE-2026-9113 were responsibly disclosed by an external researcher identified as c6eed09fc8b174b0f3eebedcceb1e792, earning a combined $14,000 in bug bounties.

Other Medium-Severity Fixes

Google also patched five Medium-severity issues, including out-of-bounds reads in GPU (CVE-2026-9121, CVE-2026-9122 — credited to David Korczynski of Adalogics and the same external researcher), a heap buffer overflow in Chromecast (CVE-2026-9123), insufficient input validation (CVE-2026-9124), and a use-after-free in DOM (CVE-2026-9126).

Mitigations

Google notes that bug details will remain restricted until most users have received the patch, reducing the risk of exploitation during the rollout window.

Users and administrators should take the following steps immediately:

  • Navigate to chrome://settings/help and confirm the browser version is 148.0.7778.178 or higher
  • Restart Chrome to apply any pending updates
  • Enterprise administrators should force-deploy the update via policy management tools
  • Monitor Chrome release notes and CISA advisories for any active exploitation indicators
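
For administrators checking many machines rather than one browser, the version check above can be scripted. The following is an added example, not part of the original article or any Google tooling: it audits collected version strings against the fixed build 148.0.7778.178. The hostnames, the inventory contents and the function names are assumptions made for illustration.

```python
import re

# Fixed Stable build from the advisory above; 178 is the lowest patched build.
PATCHED = (148, 0, 7778, 178)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 148.0.7778.178'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version_text, minimum=PATCHED):
    # Compare numerically, component by component: as plain strings,
    # '148.0.7778.99' would wrongly sort above '148.0.7778.178'.
    return parse_version(version_text) >= minimum


def audit(inventory):
    """Return {host: status}; status is 'patched', 'vulnerable' or 'unknown'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = "patched" if is_patched(version_text) else "vulnerable"
        except ValueError:
            report[host] = "unknown"  # unparsable output needs manual follow-up
    return report


# Constructed sample inventory (hostnames and version output are made up).
SAMPLE_INVENTORY = {
    "win-001": "Google Chrome 148.0.7778.179",
    "mac-014": "Google Chrome 148.0.7778.178",
    "lin-203": "Google Chrome 148.0.7778.99 ",
    "win-077": "Google Chrome 147.0.7700.200",
    "lin-310": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```

A version read from the installed binary can be newer than the running browser process until Chrome is restarted, so a "patched" result still depends on the restart step above.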


The post Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now! appeared first on Cyber Security News.

