A new Google Chrome security update has arrived with an unusually stark warning: Google confirmed 127 Chrome vulnerabilities, including three rated critical. For a browser many people use every day without much thought, that makes this release far more than routine maintenance.
Google has promoted Chrome 148 to the stable channel for Windows, Mac and Linux. The release is identified as Chrome 148.0.7778.96/97, and Google said the rollout will continue over the coming days/weeks. However, the size and severity of this patch change the usual advice. In this case, waiting for the browser to update itself may not be the best move.
The urgency comes from both volume and severity. Alongside the 127 Chrome vulnerabilities, Google said 31 are rated high. In plain terms, this is a major browser-security patch for software people rely on for banking, work, messages and everyday browsing.
Summary
Google Chrome security update lands with 127 fixes
Browser updates are common. Still, a Google Chrome security update that fixes 127 issues at once stands out quickly, especially when critical flaws are part of the package. The combination of three critical vulnerabilities and 31 high-rated ones puts this release in a more serious category than a normal background patch.
That matters because browsers are no longer just tools for opening websites. They are the front door to personal accounts, work systems and payment services. As a result, a large Chrome 148 update with this many security fixes affects a huge share of everyday internet activity.
What Google says the Chrome 148 update fixes
Google named three critical CVEs in this release: CVE-2026-7896, CVE-2026-7897 and CVE-2026-7898.
- CVE-2026-7896: integer overflow in Blink
- CVE-2026-7897: use after free in Mobile
- CVE-2026-7898: use after free in Chromoting
Google also said a researcher received a $43,000 bug bounty for reporting CVE-2026-7896. While those labels sound highly technical, the bigger point is easier to understand: these are the kinds of browser flaws Google treats with top urgency.
At the same time, Google has not published full technical details for most of the issues. That is a familiar step in browser security. By holding back deeper information, Google gives users more time to install the critical CVE fixes before attackers can study the changes too closely.
Why users should update Chrome now
The biggest practical takeaway from this Google Chrome security update is that the patch may not reach every device immediately. Google said the release will roll out over the coming days/weeks, which means some users could still be waiting while the stable-channel deployment continues.
Because of that delay, Google recommends updating manually through Help > About Google Chrome. For users, that is the difference between being protected now and being protected later. When a release includes critical CVEs and more than 100 total fixes, timing matters almost as much as the patch itself.
More broadly, a browser update with 127 fixes shows how intense modern software security work has become, especially for products exposed to the open web every second they are running. For Chrome users, the message is not just that bugs were found. Instead, it is that browser security remains a constant race, and this round was big enough for Google to effectively tell people not to sit back and wait.
How to install the Google Chrome security update
Users who want the Chrome 148 update right away can trigger the process from inside the browser.
- Open the three-dot menu.
- Go to Help > About Google Chrome.
That check should start the update process and move the browser to Chrome 148.0.7778.96/97 if the release is available for the device.
For now, the most important detail is not the long list of CVEs most users will never read. It is that this Google Chrome security update is already out, it fixes 127 Chrome vulnerabilities, and the people who update before the automatic rollout catches up will be covered first.
