Chrome 148 Update Patches 151 Vulnerabilities, Including Critical RCE Flaws
Google released Chrome 148, fixing 151 vulnerabilities, including critical-severity bugs that could enable remote code execution.

Google has released Chrome 148, a major security update that patches 151 vulnerabilities across the browser's components. The update includes fixes for critical-severity flaws that could allow remote code execution, as well as numerous high-risk memory safety bugs and other security defects. Users are urged to update immediately to mitigate potential exploitation.
The update addresses multiple memory safety bugs and other high-risk issues across the browser's components. The post Chrome 148 Update Patches 151 Vulnerabilities appeared first on SecurityWeek.
Among the most severe issues are critical-severity security defects that could potentially lead to remote code execution. These vulnerabilities affect core browser components and could be exploited by attackers to gain control of affected systems. The update is available for Windows, macOS, and Linux platforms.
Google has not yet disclosed full details of all 151 vulnerabilities, but the company typically releases technical details after a majority of users have updated. The update follows a trend of increasingly large Chrome security patches, with Google attributing many recent discoveries to AI-driven fuzzing and automated discovery tools.
The Chrome 148 update is part of Google's ongoing effort to improve browser security. The company has been investing heavily in automated vulnerability discovery, including AI-driven fuzzing, which has led to a surge in internally discovered vulnerabilities. This approach has allowed Google to identify and patch flaws before they can be exploited in the wild.
Security experts recommend that users enable automatic updates or manually update Chrome to the latest version as soon as possible. Enterprise administrators should prioritize deploying the update across their organizations to reduce the risk of exploitation.
The update also includes various stability and performance improvements, though the primary focus is on addressing the security vulnerabilities. Google has not reported any active exploitation of these vulnerabilities in the wild, but the company advises users to update as a precautionary measure.
This release underscores the importance of keeping browsers up to date, as they are a primary attack vector for cybercriminals. With the increasing number of vulnerabilities being discovered and patched, users must remain vigilant and ensure their software is always current.
Google Chrome 149 has been released, patching a record-breaking 429 vulnerabilities, significantly exceeding the number fixed in the previous Chrome 148 update. Among these, over 100 are classified as critical or high-severity, with the most severe being CVE-2026-10881, a critical out-of-bounds read and write flaw in the ANGLE graphics engine that could allow for sandbox escape and code execution. Google paid out approximately $208,000 in bug bounties for these discoveries, with the final amount potentially higher as some rewards are still undisclosed.
This new advisory details CVE-2026-11645, a high-severity vulnerability in the Chrome V8 JavaScript engine that allows remote attackers to execute arbitrary code via crafted HTML pages. The vulnerability stems from an out-of-bounds read and write weakness, enabling heap corruption and potential bypass of security mechanisms like ASLR.