Massive Chrome Update Closes Critical Security Holes
Google has released a major security update for its Chrome browser, addressing 79 vulnerabilities in a single patch cycle. Among these, 14 flaws were rated critical, posing severe risks to users who have not yet updated. The latest stable version, 148.0.7778.167/168 for Windows and Mac, and 148.0.7778.167 for Linux, is rolling out gradually, but users and enterprise administrators are advised to apply the update manually without delay.
The patch tackles a wide range of memory corruption issues, including use-after-free and heap buffer overflow bugs, which are common in complex browser codebases. While Google typically withholds specific exploit details until most users have updated, the company has paid significant bug bounties to independent researchers, underscoring the severity of the findings. The largest reward of $43,000 went to a researcher who uncovered a critical heap buffer overflow in the WebML component.
Key Vulnerabilities and Impact
The update addresses multiple flaws that could allow attackers to execute arbitrary code via malicious HTML pages. Critical vulnerabilities patched include a heap buffer overflow in WebML, integer overflows in Skia and ANGLE, and numerous use-after-free issues across components such as UI, FileSystem, Input, Aura, HID, Blink, Tab Groups, and Downloads. Other high-severity bugs include an insufficient validation issue in DataTransfer, an object lifecycle problem in WebShare, and a race condition in Payments.
Browser vulnerabilities are a prime target for threat actors because of Chrome’s widespread use. Exploiting these flaws could lead to remote code execution, data theft, or full system compromise. With this massive update, Google is closing a broad attack surface before attackers can weaponize the disclosures. Users and IT teams should prioritize this update to stay protected.
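For administrators checking a fleet against the fixed build named above, the following is an added example and not part of the original article. The CSV inventory format, the hostnames and the status labels are constructed assumptions; only the version number 148.0.7778.167 comes from the article.

```python
import csv
import io
import re

# Fixed stable build named in the article (Windows and Mac may also report .168).
FIXED_BUILD = "148.0.7778.167"

# Constructed sample inventory: host, platform, reported Chrome version.
SAMPLE_INVENTORY = """\
host,platform,version
ws-001,windows,148.0.7778.168
ws-002,windows,148.0.7778.99
mac-014,mac,147.0.7700.12
lnx-007,linux,148.0.7778.167
kiosk-3,linux,unknown
"""

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text, fixed=FIXED_BUILD):
    """Return 'patched', 'outdated' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable reports need manual follow-up
    # Tuples compare numerically field by field. Comparing the raw strings
    # would wrongly rank "148.0.7778.99" above "148.0.7778.167".
    return "patched" if version >= parse_version(fixed) else "outdated"


def audit(inventory_csv):
    """Map each host in the CSV inventory to its patch status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unpatched until their version is confirmed.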
Source: Cyber Security News
