Chrome 148 Patches 151 Vulnerabilities, 22 Critical RCEs

/HIGH
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW israelvulnerability
Chrome 148 Patches 151 Vulnerabilities, 22 Critical RCEs

Google has rolled out Chrome version 148, addressing a significant security update that fixes 151 vulnerabilities. Among these, 22 are rated critical, posing severe risks to users. Cyber Updates - Asher Tamam highlights the gravity of these flaws, noting their potential for remote code execution (RCE) and sandbox escapes.

Two specific critical vulnerabilities called out by Cyber Updates - Asher Tamam are CVE-2026-9872, affecting the GPU component, and CVE-2026-9873, located within the browser’s networking mechanism. Both present prime targets for attackers looking to gain deep system access or bypass core browser security.

For defenders, this isn’t just another patch Tuesday. These aren’t theoretical issues; RCE and sandbox escapes are the holy grail for attackers. They offer direct avenues for persistent access and data exfiltration, making immediate patching non-negotiable. If you’re managing enterprise endpoints, this update needs to be prioritized now.

What This Means For You

  • If your organization relies on Chrome, mandate immediate updates to version 148 across all endpoints. These critical RCE and sandbox escape vulnerabilities are actively exploitable. Attackers will be reverse-engineering these patches fast. Don't wait for your users; push this update centrally.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1203 Exploitation for Client Execution Execution T1068 Exploitation for Privilege Escalation Privilege Escalation

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

Chrome GPU Component RCE Attempt (CVE-2026-9872)

Sigma YAML — free preview

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-9872 Vulnerability CVE-2026-9872

Written by SCW Vulnerability Desk

Take action on this incident
📡 Monitor google.com Free · 1 watchlist slot · instant alerts on new breaches 🔍 Threat intel on Google All breaches, IOCs & vendor exposure

Related coverage on Google

Flowise RCE (CVE-2026-40933) Puts AI Supply Chains at Risk

Obsidian Security has released a Proof-of-Concept for a critical Remote Code Execution (RCE) vulnerability in Flowise, tracked as CVE-2026-40933. Rated 9.9 CVSS, this flaw allows...

israelvulnerability
/SCW Vulnerability Desk /HIGH /⚑ 3 IOCs /⚙ 3 Sigma

Composio Suffers LLM-Augmented Attack, Advises Key Revocation

Composio, an integration platform, recently reported a significant security incident where an attacker leveraged an LLM to breach their network. Cyber News - Erez Dasa...

israelvulnerabilityai-securitythreat-inteltools
/SCW Vulnerability Desk /MEDIUM /⚑ 4 IOCs /⚙ 3 Sigma

Microsoft Patches YellowKey: Public PoC Violates Disclosure

Microsoft has released a critical update to address a security feature bypass vulnerability, publicly dubbed "YellowKey." This flaw was brought to light after a researcher...

israelvulnerabilitymicrosoft
/SCW Vulnerability Desk /HIGH /⚑ 2 IOCs /⚙ 3 Sigma