Monday, May 12, 2025
HomeChromeCritical Chrome Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical Chrome Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Published on

SIEM as a Service

Follow Us on Google News

Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux.

This update addresses multiple high-severity vulnerabilities, ensuring enhanced safety for users. The rollout will occur gradually over the coming days and weeks.

Highlighted Security Fixes

The latest Chrome release includes fixes for five vulnerabilities, of which four were reported by external researchers.

- Advertisement - Google News

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Below is a detailed breakdown, including links to official CVE entries for further reading:

SeverityCVE IDDescription
HighCVE-2024-12693Type Confusion in V8
HighCVE-2024-12694Out of bounds memory access in V8
HighCVE-2024-12695Use after free in Compositing
HighCVE-2024-12695Out of bounds write in V8

In addition to addressing externally reported vulnerabilities, Google’s internal security teams have implemented various fixes stemming from audits, fuzzing, and other proactive initiatives.

These efforts are critical in preventing bugs from reaching the stable release channel. Tools such as AddressSanitizer, MemorySanitizer, and libFuzzer aid in detecting and resolving these issues early in the development cycle.

To protect users, bug details and CVE links are restricted until most users are updated. If a vulnerability involves a third-party library widely used across other projects, details may be withheld until those projects also issue fixes.

To ensure you are protected, update your Chrome browser to the latest version.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core...

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded...

20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s...

“PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram

A new information-stealing malware dubbed “PupkinStealer” has emerged as a significant threat to individuals...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core...

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded...

20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s...