
Critical Chrome Flaw Allows Attackers to Remotely Execute Code

Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious code on vulnerable systems.

The flaw, identified as CVE-2025-0995, is categorized as a “Use-After-Free” vulnerability in V8, Chrome’s JavaScript engine.

The vulnerability was discovered and reported by an external security researcher, Popax21, on January 24, 2025, and has since been patched in the latest stable build of Chrome.

Patch Details and Updates

The Chrome Stable channel has been updated to versions 133.0.6943.98/.99 for Windows and Mac, and 133.0.6943.98 for Linux.

Google has announced that the update will roll out to users over the coming days and weeks. Users are strongly encouraged to update their browsers immediately to avoid exposure to potential attacks.

Chrome’s security team has emphasized that access to the technical details of the vulnerability will remain restricted until a majority of users have applied the update.

This is a precautionary measure to prevent threat actors from exploiting the flaw before users are protected.

Similarly, restrictions will remain in place if the issue is linked to third-party libraries used in other software projects that have not yet been patched.

Security Fixes Highlighted

This latest update addresses four high-severity security vulnerabilities, including:

  1. CVE-2025-0995 – Use After Free in V8
    A critical vulnerability reported by Popax21, which could be exploited to execute arbitrary code remotely.
  2. CVE-2025-0996 – Inappropriate Implementation in Browser UI
    Reported by researcher Yuki Yamaoto, who identified a flaw in Chrome’s browser interface that posed a high severity risk.
  3. CVE-2025-0997 – Use After Free in Navigation
    Discovered by Asnine, this vulnerability could allow attackers to manipulate Chrome’s navigation components.
  4. CVE-2025-0998 – Out-of-Bounds Memory Access in V8
    Identified by Alan Goodman, this issue could allow attackers to exploit memory vulnerabilities for malicious purposes.

Google has extended gratitude to all security researchers who assisted in identifying and mitigating these risks.

The company also highlighted its reliance on advanced detection tools like AddressSanitizer, MemorySanitizer, and libFuzzer to identify and address vulnerabilities proactively.

Users are urged to update Chrome to its latest version immediately. To check for updates, navigate to Settings > About Chrome in the browser.

This critical update underscores the importance of maintaining up-to-date software to ensure maximum protection against evolving security threats.


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
