Thursday, May 1, 2025
Critical Chrome Flaw Allows Attackers to Remotely Execute Code

Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious code on vulnerable systems.

The flaw, identified as CVE-2025-0995, is categorized as a “Use-After-Free” vulnerability in V8, Chrome’s JavaScript engine.

The vulnerability was discovered and reported by an external security researcher, Popax21, on January 24, 2025, and has since been patched in the latest stable build of Chrome.

Patch Details and Updates

The Chrome Stable channel has been updated to versions 133.0.6943.98/.99 for Windows and Mac, and 133.0.6943.98 for Linux.

Google has announced that the update will roll out to users over the coming days and weeks. Users are strongly encouraged to update their browsers immediately to avoid exposure to potential attacks.

Chrome’s security team has emphasized that access to the technical details of the vulnerability will remain restricted until a majority of users have applied the update.

This is a precautionary measure to prevent threat actors from exploiting the flaw before users are protected.

Similarly, restrictions will remain in place if the issue is linked to third-party libraries used in other software projects that have not yet been patched.

Security Fixes Highlighted

This latest update addresses four high-severity security vulnerabilities, including:

  1. CVE-2025-0995 – Use After Free in V8
    A critical vulnerability reported by Popax21, which could be exploited to execute arbitrary code remotely.
  2. CVE-2025-0996 – Inappropriate Implementation in Browser UI
    Reported by researcher Yuki Yamaoto, who identified a flaw in Chrome’s browser interface that posed a high severity risk.
  3. CVE-2025-0997 – Use After Free in Navigation
    Discovered by Asnine, this vulnerability could allow attackers to manipulate Chrome’s navigation components.
  4. CVE-2025-0998 – Out-of-Bounds Memory Access in V8
    Identified by Alan Goodman, this issue could allow attackers to exploit memory vulnerabilities for malicious purposes.

Google has extended gratitude to all security researchers who assisted in identifying and mitigating these risks.

The company also highlighted its reliance on advanced detection tools like AddressSanitizer, MemorySanitizer, and libFuzzer to identify and address vulnerabilities proactively.

Users are urged to update Chrome to its latest version immediately. To check for updates, navigate to Settings > About Chrome in the browser.
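
For a fleet, the same check can be run against inventory data instead of opening each browser. The following is an added example, not part of the original article or any Google tooling: it compares reported Chrome versions against the fixed Stable build 133.0.6943.98 given above. The hostnames, the record layout and the sample versions are constructed for illustration.

```python
import re

# First patched Stable build per platform, as stated in the article.
FIXED_BUILD = {
    "windows": (133, 0, 6943, 98),
    "mac": (133, 0, 6943, 98),
    "linux": (133, 0, 6943, 98),
}
VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED_BUILD.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never assume an unparsable record is safe
    # Tuple comparison is numeric per component; a plain string comparison
    # would wrongly rank "133.0.6943.100" below "133.0.6943.98".
    return "patched" if version >= fixed else "vulnerable"

def audit(records):
    """Group hostnames by status from (host, platform, version) records."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in records:
        report[classify(platform, version_text)].append(host)
    return report

# Constructed sample inventory (hypothetical hostnames, not real data).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "133.0.6943.99"),
    ("ws-002", "Windows", "133.0.6943.54"),
    ("mac-01", "Mac", "133.0.6943.100"),
    ("lnx-01", "Linux", "132.0.6834.159"),
    ("lnx-02", "Linux", "133.0.6943.98"),
    ("kiosk-7", "Windows", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group need a manual check, since a missing or malformed version string says nothing about patch state.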

This critical update underscores the importance of maintaining up-to-date software to ensure maximum protection against evolving security threats.

Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
