Chrome 148 Patches 79 Vulnerabilities Including 14 Critical Flaws

Google released a massive security update for Chrome on May 15, 2026, patching 79 vulnerabilities with 14 rated critical. The stable channel now sits at version 148.0.7778.167/168 for Windows and Mac, with Linux users receiving 148.0.7778.167.

The sheer volume of this release—more than double a typical Patch Tuesday—reflects the ongoing battle against memory corruption bugs in complex browser architectures. Enterprise administrators and security-conscious users should trigger manual updates rather than waiting for the gradual rollout.

What Was Fixed

The update addresses multiple categories of memory management flaws that could allow attackers to execute arbitrary code through malicious web pages:

• Use-after-free (UAF): The largest category, where memory is accessed after being freed
• Heap buffer overflow: Writing beyond allocated memory boundaries
• Type confusion: Treating objects as different types than they actually are
• Out-of-bounds read/write: Accessing memory outside intended boundaries

Google's Chrome Release Blog withholds specific CVE details until most users have updated—standard practice to prevent weaponization during the patch gap.

Why Browser Bugs Are Critical

Modern browsers are among the most complex software on user devices, executing untrusted code from the internet constantly. A single visit to a compromised or malicious website can trigger exploitation if the browser is unpatched.

The 14 critical-severity vulnerabilities likely enable remote code execution—meaning an attacker could gain control of your system simply by convincing you to visit a page. No clicks, downloads, or user interaction beyond loading the URL.

Earlier this year, we covered actively exploited Chrome zero-days that CISA added to the KEV catalog. This update likely addresses similar vulnerability classes.

How to Update

Desktop (Windows, Mac, Linux):

1. Open Chrome
2. Click the three-dot menu (top right)
3. Navigate to Help > About Google Chrome
4. Chrome will check for updates and apply them
5. Click "Relaunch" to complete the update

Enterprise environments: Push updates via your endpoint management solution. Don't wait for the gradual rollout—79 vulnerabilities means a large attack surface.

Verify your version: After restart, return to Help > About Google Chrome. You should see version 148.0.7778.167 or higher.

Chromium-Based Browsers

If you use browsers built on Chromium—Microsoft Edge, Brave, Vivaldi, Opera—expect corresponding updates within days. These browsers inherit Chrome's vulnerabilities along with its rendering engine. Check each browser's update mechanism independently.

Edge users should watch for updates in the coming week. Microsoft typically releases Edge security updates shortly after Chrome patches.

The Bigger Picture

This release continues a trend of increasingly large browser security updates. Chrome's codebase has grown substantially with features like WebGPU, WebCodecs, and advanced site isolation. More code means more potential vulnerabilities.

Google's bug bounty program drives much of this discovery. External researchers reported many of these issues, earning rewards for finding bugs before attackers could exploit them. The program has paid out over $50 million to date.

What You Should Do

1. Update Chrome now—don't wait for automatic updates
2. Enable automatic updates if you haven't already
3. Restart your browser after updating; the patch isn't active until restart
4. Check other Chromium browsers you use for corresponding updates
5. Consider browser isolation for high-risk browsing in enterprise environments

May 2026 has delivered critical patches across the stack—Microsoft's Patch Tuesday dropped 120 vulnerabilities, NGINX disclosed an 18-year-old RCE, and now Chrome adds 79 more. For guidance on maintaining system security across these updates, see our online safety tips guide.