Google just dropped a massive security bombshell for Chrome users. Version 148.0.7778.96 is here, and it's packing over 100 patched vulnerabilities—more than double the fixes from the previous update. This isn't your routine browser refresh.
For Windows and macOS users, the new build arrives as versions 148.0.7778.96 and 148.0.7778.97. Linux users get version 148.0.7778.96. And here's the scary part: none of these flaws are being actively exploited in the wild. Yet. That's the quiet before the storm.
So what's new beyond the security fixes? Chrome's internal feature page quietly touts tab group syncing across devices. It's a handy trick—your carefully organized research tabs follow you from desktop to laptop. But eagle-eyed users already had this ability in Chrome 147, so it's more of a refinement than a revolution.
Two other features are still playing hard to get. Vertical tab organization is coming, letting you stack tabs along the side instead of squeezing them across the top. And reading mode is getting an upgrade, expanding to fill the entire browser window instead of cramming into a cramped split view. Both were promised for April, but they're still missing in action for most users.
Let's talk about the real meat: security. Srinivas Sista's post on the Chrome Releases blog lists a staggering 127 fixed vulnerabilities. That's more than double what Chrome 147 addressed. The dramatic jump isn't a coincidence—specialized AI tools appear to be supercharging vulnerability discovery, sniffing out flaws that human eyes might miss.
Google itself discovered exactly 100 of these vulnerabilities. External security researchers chipped in with the remaining 27, earning a collective $138,000 in bounties. That's a clear signal that crowdsourced security is paying off.
Three critical flaws stand out from the pack. CVE-2026-7896 is a nasty integer overflow lurking inside the Blink HTML renderer—the engine that turns code into the web pages you see. CVE-2026-7897 and CVE-2026-7898 are both use-after-free vulnerabilities, one in the Mobile component and another in Chromoting, the tech behind Chrome Remote Desktop. These are the kind of bugs that can let attackers hijack your browser from a distance.
Beyond the critical three, 31 high-risk vulnerabilities demand attention. More than half of those are also use-after-free flaws—a pattern that suggests attackers are homing in on a specific weakness. The rest break down into 66 medium-risk and 27 low-risk issues. Every single one is a potential door for bad actors.
Here's what you need to do right now: update Chrome immediately. The browser typically updates itself in the background, but don't leave it to chance. Navigate to the menu, find Help, then About Google Chrome. That forces a manual check and kicks off the update if one is waiting.
Mobile users aren't left behind. Chrome for Android just got version 148.0.7778.120, while iOS users received version 148.0.7778.100 last week. The Android build patches the same vulnerabilities as the desktop versions, so your phone needs protection too.
The Extended Stable Channel for Windows and macOS has already rolled up to version 148.0.7778.97. And mark your calendars: Chrome 149 is expected to land in early June. Until then, this update is your best defense against a wave of newly discovered threats.
Your browser is your gateway to the internet. One unpatched flaw is all it takes for an attacker to slip through. Every one of these 127 vulnerabilities was a crack in your digital armor. Now it's sealed. But the next breach is already being discovered.