Chrome 148 Update Patches Critical Vulnerabilities
The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek.
Google this week released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity bugs across multiple components.
The first critical issue is a heap buffer overflow in WebML tracked as CVE-2026-8509, for which the internet giant paid a $43,000 bug bounty.
Google has not shared details on the flaw, but its severity rating and the paid amount suggest that it could be exploited for remote code execution.
Source: https://www.securityweek.com/chrome-148-update-patches-critical-vulnerabilities/
Related breach coverage
- F5 Patches Over 50 Vulnerabilities2026-05-14
The company’s latest quarterly advisory describes high and medium-severity issues in BIG-IP, BIG-IQ, and NGINX. The post F5 Patches Over 50 Vulnerabilities appeared first on SecurityWeek.
- PoC Code Published for Critical NGINX Vulnerability2026-05-16
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek.
- In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws2026-05-15
Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. The post In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws appeared first on SecurityWeek.
- Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises2026-05-13
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.