Chrome 148.0.7778.97 reached stable on May 5, 2026, patching several high-severity vulnerabilities including use-after-free in Aura and ANGLE, a heap buffer overflow in ANGLE, and out-of-bounds memory access in V8. Google published supplemental CVE advisories on May 6 covering further pre-148.0.7778.96 exposures. Teams running Chrome in managed or embedded contexts should treat this as a mandatory update given the CVSS profile of the V8 and ANGLE issues. On the developer side, Chrome 148 adds `loading="lazy"` to `<video>` and `<audio>` elements, reducing initial page weight for media-heavy pages without JavaScript workarounds. CSS Container Queries now allow querying a container by `container-name` alone, removing the requirement to also set `container-type`. The release also ships a browser Prompt API for on-device AI access, Connection Allowlists via HTTP response header, and a spec-alignment fix that sends `pointercancel`/`pointerout`/`pointerleave` to the drag source when a drag operation begins.