Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious code on vulnerable systems.
The flaw, identified as CVE-2025-0995, is categorized as a “Use-After-Free” vulnerability in V8, Chrome’s JavaScript engine.
The vulnerability was discovered and reported by an external security researcher, Popax21, on January 24, 2025, and has since been patched in the latest stable build of Chrome.
The Chrome Stable channel has been updated to versions 133.0.6943.98/.99 for Windows and Mac, and 133.0.6943.98 for Linux.
Google has announced that the update will roll out to users over the coming days and weeks. Users are strongly encouraged to update their browsers immediately to avoid exposure to potential attacks.
Chrome’s security team has emphasized that access to the technical details of the vulnerability will remain restricted until a majority of users have applied the update.
This is a precautionary measure to prevent threat actors from exploiting the flaw before users are protected.
Similarly, restrictions will remain in place if the issue is linked to third-party libraries used in other software projects that have not yet been patched.
This latest update addresses four high-severity security vulnerabilities, including:
Google has extended gratitude to all security researchers who assisted in identifying and mitigating these risks.
The company also highlighted its reliance on advanced detection tools like AddressSanitizer, MemorySanitizer, and libFuzzer to identify and address vulnerabilities proactively.
Users are urged to update Chrome to its latest version immediately. To check for updates, navigate to Settings > About Chrome in the browser.
This critical update underscores the importance of maintaining up-to-date software to ensure maximum protection against evolving security threats.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The HELLCAT ransomware group has claimed responsibility for a significant data breach at Jaguar Land…
A recent and significant cybersecurity threat has emerged involving a critical vulnerability in Apache Tomcat,…
Apple has announced the integration of end-to-end encryption (E2EE) for Rich Communication Services (RCS) on…
A recent disclosure by Cisco Talos' Vulnerability Discovery & Research team highlighted several vulnerability issues…
Cybersecurity experts have uncovered how hackers use Cascading Style Sheets (CSS) to deceive spam filters…
Hackers exploit a vulnerability in TP-Link routers, specifically the TL-WR845N model, to gain full control…