Threat Advisory

Google Chrome Multiple Vulnerabilities

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in the Google Chrome desktop browser, particularly in versions 148.0.7778.178 and 148.0.7778.179 for Windows and Mac, and version 148.0.7778.178 for Linux. These vulnerabilities range from high-severity memory exploitation and buffer overflow threats to critical system-level execution vulnerabilities. They pose significant business risks, as they could allow attackers to execute unauthorized code, manipulate browser interactions, or break out of the browser's sandbox. This could lead to data breaches, unauthorized access, and other security incidents that could compromise business operations, damage reputation, and incur significant financial losses.


  • CVE-2026-9111 (CVSS 9.8) – A critical Use-After-Free (UAF) memory corruption bug in Chrome's WebRTC engine that allows attackers to manipulate browser interactions and execute malicious code on the host device.
  • CVE-2026-9110 (CVSS 9.8) – A critical "Inappropriate implementation" flaw in the browser's User Interface (UI) subsystem that permits malicious web entities to mimic native browser dialogs, spoof security address indicators, or manipulate origin policies to execute unauthorized tasks.
  • CVE-2026-9112 (CVSS 8.1) – A high-severity Use-After-Free vulnerability in Chrome's GPU pipeline that potentially allows attackers to read adjacent kernel memory fragments.
  • CVE-2026-9113 (no CVSS score provided) – A high-severity out-of-bounds read vulnerability in the graphics processing architecture that allows malicious web applications to read adjacent kernel memory fragments.
  • CVE-2026-9119 (no CVSS score provided) – A high-severity heap buffer overflow vulnerability in the WebRTC engine that potentially allows attackers to execute malicious code on the host device.
  • CVE-2026-9121 (no CVSS score provided) – A medium-severity out-of-bounds read vulnerability in the GPU layer that potentially allows attackers to read adjacent kernel memory fragments.
  • CVE-2026-9123 (no CVSS score provided) – A medium-severity localized heap buffer overflow vulnerability in internal Chromecast configurations that potentially allows attackers to execute malicious code on the host device.

The recent Google Chrome update addresses a number of high-severity vulnerabilities, including Use-After-Free and Type Confusion bugs, which could allow attackers to execute unauthorized code, manipulate browser interactions, or break out of the browser's sandbox. This poses significant business risks, as data breaches, unauthorized access, and other security incidents could compromise business operations, damage reputation, and incur significant financial losses. Enterprise administrators, security specialists, and high-risk users should apply the update immediately to eliminate exposure to these flaws.

RECOMMENDATION:

  • We recommend updating Google Chrome to version 148.0.7778.178/179 for Windows and Mac, and version 148.0.7778.178 for Linux.
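
One way to verify this recommendation across a fleet, as an added example that is not part of the original advisory: it classifies reported Chrome version strings against the lowest fixed build named above (148.0.7778.178). The host names and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Lowest fixed build named in the advisory's recommendation (all platforms).
MIN_FIXED = (148, 0, 7778, 178)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'patched', 'update' or 'unknown' for one reported version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # treat as a finding: the host could not be verified
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank build 99 above build 178.
    return "patched" if version >= MIN_FIXED else "update"


def audit(inventory):
    """Map each host to its status, given (host, reported_version) pairs."""
    return {host: classify(reported) for host, reported in inventory}


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 148.0.7778.179"),
    ("mac-07", "Google Chrome 148.0.7778.99"),
    ("lnx-12", "Google Chrome 147.0.7700.200 "),
    ("kiosk-3", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts that come back as "unknown" should be followed up rather than assumed patched.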

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/google-chrome-desktop-security-update-webrtc-cve-2026-9111/
