Google has released an update for Chrome for Windows, Mac, and Linux that patches four critical security vulnerabilities. Some of them could be exploited to execute malicious code or steal data.
This patch addresses vulnerabilities in the V8 JavaScript engine, browser UI, and navigation component, including multiple use-after-frees – vulnerabilities that allow attackers to manipulate memory to execute unauthorized code.
Specifically:
CVE-2025-0995: A critical use-after-free in V8, reported by Popax21. If exploited, an attacker could inject and run malicious code in the browser. Google is offering a $55,000 bounty for this discovery.
CVE-2025-0996: An improper implementation in the browser interface that could be exploited to spoof the UI and trick users.
CVE-2025-0997: A use-after-free in the navigation component that could be exploited to redirect users or steal data.
CVE-2025-0998: Out-of-range memory access in V8, which could lead to a crash or execution of malicious code.
Chrome may update automatically, but users are advised to check regularly and update immediately to avoid risks.
According to Security Online
Posts
0 Comments