Google has released a major Chrome security update that fixes 151 vulnerabilities in the browser, including 22 critical-severity flaws.
While no actively exploited zero-days were disclosed, the unusually large number of vulnerabilities and the predominance of internally discovered bugs suggest that automated and AI-assisted security auditing may be playing an increasingly significant role in vulnerability discovery.
The update brings Chrome to version 148.0.7778.216/.217 for Windows, 148.0.7778.215/.216 for macOS, and 148.0.7778.215 for Linux. The rollout began on May 27 and will continue over the coming days and weeks.
According to Google's security advisory, the release contains 151 security fixes. Several of the most severe vulnerabilities affect components that process untrusted web content and graphics data, areas that have historically been attractive targets for browser exploit developers.
Among the externally reported vulnerabilities, Google highlighted four critical flaws carrying bug bounty rewards between $5,000 and $43,000 each:
- CVE-2026-9872 – Out-of-bounds write in GPU
- CVE-2026-9873 – Use-after-free in Network
- CVE-2026-9874 – Use-after-free in Dawn
- CVE-2026-9875 – Out-of-bounds read in WebGL
The first two flaws were reported by researcher Cinzinga, who received rewards totaling $86,000 for the discoveries.
In total, the release fixes 22 critical vulnerabilities, many involving memory corruption bugs such as use-after-free conditions, out-of-bounds reads and writes, integer overflows, and insufficient validation of untrusted input. Critical issues were found across a broad range of Chrome components, including:
- GPU
- Network
- Dawn (WebGPU implementation)
- WebGL
- ANGLE graphics translation layer
- Bluetooth
- Browser core
- UI
- Proxy
- WebView
- XR/WebXR
- Extensions
- Skia graphics library
The update also addresses more than 90 high-severity vulnerabilities affecting components such as V8, DOM, Accessibility, Site Isolation, WebRTC, PDFium, WebCodecs, Media, Password Manager, WebAudio, SVG, Input handling, and numerous graphics-related subsystems.
Of the 151 fixes, the vast majority originated from Google's own security efforts rather than independent researchers. Similar patterns have appeared in recent Chrome releases, including the May 7 update that patched 127 flaws. Although Google has not publicly stated that AI tools were involved in discovering these vulnerabilities, the trend mirrors developments in the browser industry.
The nature of many Chrome vulnerabilities also aligns with the types of memory-safety defects that modern AI-assisted auditing systems and advanced fuzzing frameworks are increasingly effective at uncovering.
As is standard practice, technical details and proof-of-concept information for many of the bugs remain restricted until a majority of Chrome users have installed the updates.
Users should update Chrome as soon as possible by navigating to Settings → Help → About Google Chrome, which will automatically check for and download the latest version. A browser restart is required to complete the installation of the security fixes.
Leave a Reply