InfoSecBulletin Cybersecurity for mankind
Google has officially released Chrome 148 for Windows, Mac, and Linux. The new version is 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac. This update focuses a lot on security, fixing 127 issues all at once.
Out of 127 vulnerabilities fixed, three are rated Critical, more than twenty are High, and many are Medium or Low.
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
Google gave over $100,000 in bug rewards to outside researchers for safely reporting problems. One researcher got $55,000 for finding a serious out-of-bounds read and write error in V8.
Critical Chrome Vulnerabilities Patched
The three Critical vulnerabilities are the most dangerous. CVE-2026-7896 is an integer overflow issue in the Blink rendering engine. An outside researcher reported it on March 18 and got a $43,000 reward.
CVE-2026-7897 and CVE-2026-7898 are use-after-free problems. One is in the Mobile part and the other is in Chromoting (Chrome Remote Desktop). Google reported them on April 18 and April 20.
The High-severity bracket covers a broad attack surface. CVE-2026-7899, an out-of-bounds read and write in Chrome’s V8 JavaScript engine, was reported by Project WhatForLunch (@pjwhatforlunch) and earned the update’s highest individual reward of $55,000.
CVE-2026-7900 and CVE-2026-7901 are bugs in ANGLE (the graphics layer). They are heap buffer overflow and use-after-free issues. Each got a reward of $16,000.
CVE-2026-7902 is a flaw in V8 that allows access to memory it shouldn’t. JunYoung Park from KAIST Hacking Lab reported it and got $8,000. These V8 and ANGLE issues are serious risks for being exploited by bad web pages.
Chrome 148 fixes some major problems and many use-after-free bugs in areas like SVG, DOM, Fullscreen, GPU, WebRTC, Skia, Passwords, ServiceWorker, PresentationAPI, WebAudio, and others.
Medium-severity issues also include a problem with object lifecycles in V8 (CVE-2026-7936), type confusion in WebRTC (CVE-2026-7988), and weak policy enforcement in DevTools, Extensions, and DirectSockets.
CVE-2026-8022 is a low-risk flaw in MHTML. A remote hacker might use this to steal data from other sites through a fake MHTML page if a user does certain actions.
Google recognized many independent researchers. This includes people from KAIST Hacking Lab, Tencent Security Xuanwu Lab, National Yang Ming Chiao Tung University’s Security and Systems Lab, and Theori.
