Saturday, February 8, 2025
HomeCyber Security NewsChrome Security Update - Patch For 16 Vulnerabilities

Chrome Security Update – Patch For 16 Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

Google has released a significant security update for its Chrome browser, addressing 16 vulnerabilities in version 132.0.6834.83/84 for Windows, Mac, and Linux platforms.

This update, which will be rolled out over the coming days and weeks.

While this security update includes several critical fixes and improvements to enhance the security of the web browser.

The update addresses five high-severity vulnerabilities:

  1. CVE-2025-0434: Out of bounds memory access in V8 ($7000 bounty)
  2. CVE-2025-0435: Inappropriate implementation in Navigation ($7000 bounty)
  3. CVE-2025-0436: Integer overflow in Skia ($3000 bounty)
  4. CVE-2025-0437: Out of bounds read in Metrics ($2000 bounty)
  5. CVE-2025-0438: Stack buffer overflow in Tracing (bounty to be determined)

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Medium & Low-severity Vulnerabilities

The update also fixes several medium and low-severity vulnerabilities, including:-

  • Race condition in Frames
  • Inappropriate implementations in Fullscreen, Fenced Frames, and Payments
  • Insufficient data validation in Extensions

Here below we have mentioned all the medium and low-severity CVE IDs along with their severity:-

  • CVE-2025-0439 (Medium)
  • CVE-2025-0440 (Medium)
  • CVE-2025-0441 (Medium)
  • CVE-2025-0442 (Medium)
  • CVE-2025-0443 (Medium)
  • CVE-2025-0446 (Low)
  • CVE-2025-0447 (Low)
  • CVE-2025-0448 (Low)

Google acknowledges the contributions of external security researchers who reported these vulnerabilities.

The company awarded bounties ranging from $1000 to $7000 for the discovered issues, demonstrating its commitment to collaborating with the security community to improve Chrome’s safety.

In addition to addressing externally reported vulnerabilities, Google’s internal security team has implemented various fixes resulting from audits, fuzzing, and other initiatives.

The company employs advanced security tools such as AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer to detect and prevent security bugs.

Users are encouraged to update their Chrome browsers to the latest version to benefit from these security patches.

The update will be automatically rolled out, but users can manually check for updates by navigating to Chrome’s settings and clicking on “About Chrome.”

This approach helps Google to protect users from potential exploitation of known and evolving vulnerabilities.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...