SecurityWeek via Reddit

Chrome 148 closes 14 critical flaws in AI engine

google cybersecurity cybersecurity browser-security

Key insights

  • Chrome's WebML engine, used for on-device AI inference, received its first publicly disclosed critical heap overflow vulnerability (CVE-2026-8509, $43,000 bounty).
  • Chrome 148 patches 79 total vulnerabilities including 14 critical and 37 high-severity flaws across core browser subsystems.
  • Google confirmed no active in-the-wild exploitation for any of the 79 patched vulnerabilities at release time.

Why this matters

The WebML engine flaw marks a new category of browser vulnerability where on-device AI inference becomes an attack vector, meaning every browser that ships local ML capabilities inherits a class of memory-safety risk that security teams have not historically audited for. For AI product teams shipping in-browser inference (using WebNN, ONNX runtime, or similar), this is a signal that their chosen execution environment now carries critical-rated CVEs tied directly to ML workloads. Enterprise security leaders who greenlit browser-based AI features under the assumption that sandboxing was sufficient now have a concrete counterexample to reassess that posture.

Summary

Google's Chrome 148 ships with fixes for 79 vulnerabilities, 14 of them rated critical, including two high-bounty flaws that put the browser's on-device AI inference layer under scrutiny for the first time at this scale. The headlining bug is a heap buffer overflow in Chrome's WebML engine (CVE-2026-8509), the component responsible for running machine learning models locally inside the browser. Google paid the reporting researcher $43,000 for it. A second critical flaw, an integer overflow in the Skia graphics library (CVE-2026-8510), earned a $25,000 bounty. Eight more critical use-after-free vulnerabilities span Chrome's UI, FileSystem, HID, Blink renderer, Tab Groups, and Downloads subsystems. Essentially: (Google, Chrome security team) patched a growing attack surface created by embedding AI inference directly into the browser runtime. - CVE-2026-8509 targets the WebML engine, which handles on-device model execution, making it a novel class of browser vulnerability tied specifically to AI workloads. - 37 high-severity issues were also resolved in the same release, signaling a broad sweep rather than a targeted patch. - Google confirmed no in-the-wild exploitation of any patched flaw at time of release. As browsers absorb more AI functionality natively, their attack surface expands in ways traditional browser security models were not designed to handle.

Potential risks and opportunities

Risks

  • Enterprises running Chromium-based browsers in AI-assisted workflows (Copilot in Edge, Gemini in Chrome) face a narrow window of exposure on unpatched endpoints before IT rollout completes, particularly in regulated industries with slower patch cycles.
  • WebNN and WebML API standardization efforts at the W3C could face pushback or mandatory security review mandates from browser vendors, potentially delaying the spec timeline beyond Q3 2026.
  • Security researchers now have a confirmed profitable target class in browser-side ML engines; bounty competition for WebML, WebGPU, and WebNN bugs is likely to intensify, increasing disclosure volume and patch cadence burden for Google's browser team.

Opportunities

  • Browser security testing vendors (PortSwigger, Synack, HackerOne) can position WebML and WebNN fuzzing capabilities as a new service line for enterprise clients deploying browser-based AI features.
  • Server-side inference providers (Modal, Baseten, Replicate) gain a concrete security argument against in-browser model execution, useful in sales cycles targeting regulated enterprise buyers evaluating deployment architecture.
  • Memory-safe ML runtime projects (Burn in Rust, Candle) can reference CVE-2026-8509 as evidence for why reimplementing inference engines in memory-safe languages reduces critical CVE exposure at the browser layer.

What we don't know yet

  • Whether the WebML heap overflow is exploitable across all platforms (Windows, macOS, Linux, Android) or only specific OS and GPU driver configurations has not been disclosed.
  • Google has not clarified whether third-party Chromium-based browsers (Edge, Brave, Arc) have already shipped equivalent patches or remain exposed as of May 15, 2026.
  • The full technical details of CVE-2026-8509 remain under a disclosure embargo period whose end date Google has not publicly announced.

Originally reported by SecurityWeek

Read the original article →

Original headline: Chrome 148 Update Patches 14 Critical Vulnerabilities Including Heap Overflow in WebML Engine and Integer Overflow in Skia