Google continues to regularly update Chrome, the world’s most popular web browser with 3.5 billion active users, and the latest release stands out for 151 reasons. That’s the number of security vulnerabilities that have been patched, with 22 of these carrying a Common Vulnerabilities and Exposures severity rating of critical. Readers should note that these are vulnerabilities, not exploits, and that’s an important distinction. None of the vulnerabilities fixed by Google in the Chrome for Windows version 148.0.7778.216/217 update are known to have been used by attackers. They have, in fact, been discovered by security researchers working for Google itself and external bounty hunters. The update will be heading your way soon, but you can manually force the update to be on the safe side, and I will explain how in a moment.
Google Fixes 22 Critical Chrome Security Vulnerabilities, Awards $102,000 In Bounties—Here They Are In Full
The critical CVE rating should be enough to reveal how serious these 22 vulnerabilities would be if an attacker were to actually exploit them before they could be fixed, but another clue is present in the bug bounty reward payments already confirmed by Google for just four of them, which comes to $102,000 in total. That breaks down to two payments of $43,000 for CVE-2026-9872 and CVE-2026-9873, $11,000 for CVE-2026-9874 and $5,000 for CVE-2026-9875. The bounty for one vulnerability, CVE-2026-9876, is flagged as yet to be determined. As for the remaining 17, these are ineligible for a reward payment as they were discovered by Google itself.
These are the 22 critical-rated vulnerabilities; the full list of all 151 security flaws can be found here.
- CVE-2026-9872: Out of bounds write in GPU.
- CVE-2026-9873: Use after free in Network.
- CVE-2026-9874: Use after free in Dawn.
- CVE-2026-9875: Out of bounds read in WebGL.
- CVE-2026-9876: Use after free in WebGL.
- CVE-2026-9877: Use after free in ANGLE.
- CVE-2026-9878: Use after free in ANGLE.
- CVE-2026-9879: Out of bounds write in ANGLE.
- CVE-2026-9880: Insufficient validation of untrusted input in WebGL.
- CVE-2026-9881: Use after free in Bluetooth.
- CVE-2026-9882: Integer overflow in ANGLE.
- CVE-2026-9883: Use after free in Base.
- CVE-2026-9884: Use after free in Browser.
- CVE-2026-9885: Insufficient validation of untrusted input in UI.
- CVE-2026-9886: Use after free in Base.
- CVE-2026-9887: Use after free in Proxy.
- CVE-2026-9888: Use after free in WebView.
- CVE-2026-9889: Out of bounds read and write in Dawn.
- CVE-2026-9890: Use after free in XR.
- CVE-2026-9891: Use after free in Extensions.
- CVE-2026-9892: Inappropriate implementation in Skia.
- CVE-2026-9893: Use after free in Skia.
How To Manually Install The Google Chrome 148.0.7778.216/217 Security Update Right Now
While Google Chrome’s Srinivas Sista has advised that the 148.0.7778.216/217 security update is currently being rolled out, and this will be applied to your browser automatically, you can accelerate your browser security protection by manually installing it immediately as follows: Use the three-dot Chrome menu to select Help|About Google Chrome, and the update download and install process will begin. Once the installation is complete, Chrome will prompt you to restart to activate the protection.
