{"id":12891,"date":"2026-05-15T10:04:02","date_gmt":"2026-05-15T10:04:02","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/05\/15\/79-chrome-vulnerabilities-patched-including-14-critical-ones-update-now\/"},"modified":"2026-05-15T10:04:02","modified_gmt":"2026-05-15T10:04:02","slug":"79-chrome-vulnerabilities-patched-including-14-critical-ones-update-now","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/05\/15\/79-chrome-vulnerabilities-patched-including-14-critical-ones-update-now\/","title":{"rendered":"79 Chrome Vulnerabilities Patched, Including 14 Critical One\u2019s \u2013 Update Now!"},"content":{"rendered":"

79 Chrome Vulnerabilities Patched, Including 14 Critical One\u2019s \u2013 Update Now!
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Google has rolled out a massive security update for its Chrome browser<\/a>, sealing a staggering 79 vulnerabilities before threat actors can exploit them.<\/p>\n

With 14 of these flaws rated as critical, browsing the web on an outdated version leaves your entire system wide open to devastating cyberattacks.<\/p>\n

The newest stable release bumps Chrome to 148.0.7778.167\/168 on Windows and Mac, while Linux users will upgrade to 148.0.7778.167.<\/p>\n

Google is deploying this patch over the coming days, but proactive users and enterprise administrators should trigger the update manually.<\/p>\n

The sheer volume of this release highlights the constant battle against memory corruption bugs, particularly \u201cUse-after-free\u201d (UAF) and \u201cHeap buffer overflow\u201d flaws that commonly plague complex browser architectures.<\/p>\n

As standard practice, Google keeps specific exploit details<\/a> and proof-of-concept code restricted.<\/p>\n

This creates a vital window for the global user base to install the patch before malware operators weaponize the disclosures.<\/p>\n

However, the tech giant has already paid out hefty bug bounties<\/a> to independent researchers, highlighting the severity of the findings.<\/p>\n

The highest reward of $43,000 went to an external researcher who discovered a critical heap buffer overflow in the WebML component.<\/p>\n

Critical Chrome Vulnerabilities Patched<\/strong><\/h2>\n

Google released fixes for multiple memory management flaws<\/a> that could let attackers execute arbitrary code through malicious HTML pages.<\/p>\n

Below is a breakdown of the most severe vulnerabilities patched in this update that every security intelligence team needs to track.<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE ID<\/th>\nComponent<\/th>\nVulnerability Type<\/th>\nReporter<\/th>\nBounty<\/th>\n<\/tr>\n<\/thead>\n
CVE-2026-8509<\/strong><\/td>\nWebML<\/td>\nHeap buffer overflow<\/td>\nc6eed09fc8b174b0f3eebedcceb1e792<\/td>\n$43,000<\/td>\n<\/tr>\n
CVE-2026-8510<\/td>\nSkia<\/td>\nInteger overflow<\/td>\nq@calif.io<\/td>\n$25,000<\/td>\n<\/tr>\n
CVE-2026-8511<\/strong><\/td>\nUI<\/td>\nUse after free<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8512<\/strong><\/td>\nFileSystem<\/td>\nUse after free<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8513<\/strong><\/td>\nInput<\/td>\nUse after free<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8514<\/strong><\/td>\nAura<\/td>\nUse after free<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8515<\/strong><\/td>\nHID<\/td>\nUse after free<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8516<\/strong><\/td>\nDataTransfer<\/td>\nInsufficient validation of untrusted input<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8517<\/strong><\/td>\nWebShare<\/td>\nObject lifecycle issue<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8518<\/strong><\/td>\nBlink<\/td>\nUse after free<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8519<\/strong><\/td>\nANGLE<\/td>\nInteger overflow<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8520<\/strong><\/td>\nPayments<\/td>\nRace condition<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8521<\/strong><\/td>\nTab Groups<\/td>\nUse after free<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n
CVE-2026-8522<\/strong><\/td>\nDownloads<\/td>\nUse after free<\/td>\nGoogle<\/td>\nN\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Threat actors heavily target browser vulnerabilities to bypass sandboxes<\/a>, steal sensitive data, and compromise the underlying operating system.<\/p>\n

Delaying this patch is a direct risk to your infrastructure. Take these immediate steps to secure your environment:<\/p>\n