Chrome Gets Massive Security Fix: Google Resolves 151 Vulnerabilities, 22 Rated Critical

Google has released a major security update for Google Chrome Stable Channel, addressing 151 vulnerabilities, including 22 critical flaws impacting core graphics, networking, media, and user interface components across Windows, macOS, and Linux platforms.

Critical Vulnerabilities Addressed in Chrome Update

Google has patched three Critical-severity vulnerabilities in Google Chrome that could potentially allow attackers to execute arbitrary code or compromise affected systems.

  • CVE-2026-7896 – An integer overflow vulnerability in the Blink rendering engine. The flaw was reported by an external security researcher on March 18 and was significant enough to receive a $43,000 bug bounty reward from Google.
  • CVE-2026-7897 – A use-after-free vulnerability affecting the Chrome Mobile component, internally identified by Google on April 18.
  • CVE-2026-7898 – A use-after-free vulnerability in Chromoting (Chrome Remote Desktop), internally discovered by Google on April 20.

Successful exploitation of these vulnerabilities could lead to memory corruption, application crashes, or remote code execution under certain conditions. Users and organizations are strongly advised to update Chrome to the latest available Stable release immediately.

According to Google's release announcement, the bug fixes are contained in Google Chrome 148.0.7778.215 for Android and Linux, 148.0.7778.215/216 for macOS, and 148.0.7778.216/217 for Windows. For Android and iOS, Google is also distributing browsers of the 149 version branch in smaller waves.
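To verify a fleet against these builds, the following added example (not from Google or the original article) flags Chrome installations below the fixed version for their platform. The per-platform thresholds are the lowest builds named in the paragraph above; the inventory records and host names are constructed sample data.

```python
import re

# Lowest fixed Google Chrome build per platform, taken from the versions named
# in this article (assumption: any higher build also contains the fixes).
FIXED = {
    "android": (148, 0, 7778, 215),
    "linux": (148, 0, 7778, 215),
    "macos": (148, 0, 7778, 215),
    "windows": (148, 0, 7778, 216),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version from output such as 'Google Chrome 148.0.7778.215'."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None

def check(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unsupported platform or unparseable version: review by hand
    # Compare as integer tuples: as strings, "148.0.7778.99" sorts above "148.0.7778.216".
    return "patched" if version >= fixed else "outdated"

def audit(inventory):
    """Annotate (host, platform, version_text) records with their patch status."""
    return [(host, plat, ver, check(plat, ver)) for host, plat, ver in inventory]

# Constructed sample inventory (hypothetical hosts and collected version strings).
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 148.0.7778.217"),
    ("ws-02", "windows", "Google Chrome 148.0.7778.99"),
    ("mac-01", "macos", "Google Chrome 148.0.7778.215"),
    ("lnx-01", "linux", "Google Chrome 147.0.7700.300"),
    ("lnx-02", "linux", "chrome not found"),
    ("ws-03", "windows", "149.0.7800.10"),
]

if __name__ == "__main__":
    for host, plat, ver, status in audit(INVENTORY):
        print(f"{host:8} {plat:8} {status:9} {ver}")
```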

In Chromium-based web browsers, the update is usually triggered by opening the version dialog, which is found in the browser menu (usually an icon with three stacked dots or lines) under “Help” and then “About” or “Info” followed by the respective browser name. On Linux, the distribution’s software management is usually responsible for this. In Apple’s and Google’s app stores, however, updates often arrive with a delay, and delivery cannot be sped up manually.

Those who use Chromium-based web browsers such as Microsoft Edge should also check whether the manufacturer has already distributed the updates.

Chrome updates:

According to Chrome’s advisory, the detected bugs were uncovered using automated fuzzing and sanitizer tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, libFuzzer, and AFL, underscoring the scale of Google’s proactive security testing infrastructure.

Users across Windows, Mac, and Linux should immediately update to Chrome 148.0.7778.96/97 to remediate these vulnerabilities.

The next stable release, Chrome 149, is scheduled for June 2, 2026. Users can update via Settings → Help → About Google Chrome, which triggers an automatic download and install.

Sources: https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html

Sources: https://www.heise.de/en/news/Chrome-update-closes-151-security-holes-22-of-them-critical-11310878.html
