Critical Chrome Flaw Allows Attackers to Remotely Execute Code

Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious code on vulnerable systems.

The flaw, identified as CVE-2025-0995, is categorized as a “Use-After-Free” vulnerability in V8, Chrome’s JavaScript engine.

The vulnerability was discovered and reported by an external security researcher, Popax21, on January 24, 2025, and has since been patched in the latest stable build of Chrome.

Patch Details and Updates

The Chrome Stable channel has been updated to versions 133.0.6943.98/.99 for Windows and Mac, and 133.0.6943.98 for Linux.

Google has announced that the update will roll out to users over the coming days and weeks. Users are strongly encouraged to update their browsers immediately to avoid exposure to potential attacks.

Chrome’s security team has emphasized that access to the technical details of the vulnerability will remain restricted until a majority of users have applied the update.

This is a precautionary measure to prevent threat actors from exploiting the flaw before users are protected.

Similarly, restrictions will remain in place if the issue is linked to third-party libraries used in other software projects that have not yet been patched.

Security Fixes Highlighted

This latest update addresses four high-severity security vulnerabilities, including:

  1. CVE-2025-0995 – Use After Free in V8
    A critical vulnerability reported by Popax21, which could be exploited to execute arbitrary code remotely.
  2. CVE-2025-0996 – Inappropriate Implementation in Browser UI
    Reported by researcher Yuki Yamaoto, who identified a flaw in Chrome’s browser interface that posed a high severity risk.
  3. CVE-2025-0997 – Use After Free in Navigation
    Discovered by Asnine, this vulnerability could allow attackers to manipulate Chrome’s navigation components.
  4. CVE-2025-0998 – Out-of-Bounds Memory Access in V8
    Identified by Alan Goodman, this issue could allow attackers to exploit memory vulnerabilities for malicious purposes.

Google has extended gratitude to all security researchers who assisted in identifying and mitigating these risks.

The company also highlighted its reliance on advanced detection tools like AddressSanitizer, MemorySanitizer, and libFuzzer to identify and address vulnerabilities proactively.

Users are urged to update Chrome to its latest version immediately. To check for updates, navigate to Settings > About Chrome in the browser.
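To check many machines rather than one, collected version strings can be compared against the fixed Stable build given above. The Python below is an added example, not code from Google or from the original article; the host names and version strings in the sample inventory are constructed, and it assumes versions arrive either bare or as `--version` style output.

```python
import re

# Minimum fixed Stable build stated in the article. Windows and Mac also ship
# .99, so .98 is the lowest patched build on every platform.
FIXED_BUILD = (133, 0, 6943, 98)

# Four dot-separated numeric fields, not embedded in a longer number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?!\d)")


def parse_chrome_version(text):
    """Return (major, minor, build, patch) as ints, or None if absent."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Label one reported version string against the fixed build."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"  # missing or unparseable data needs follow-up
    # Tuples of ints compare field by field, so .141 correctly ranks above
    # .98; comparing the raw strings would rank it below.
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(inventory):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "win-laptop-01": "133.0.6943.99",
    "mac-design-02": "Google Chrome 133.0.6943.54",
    "linux-build-03": "Google Chrome 133.0.6943.98 ",
    "win-kiosk-04": "132.0.6834.160",
    "linux-ci-05": "133.0.6943.141",
    "mac-lab-06": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:16} {status}")
```

A downloaded update takes effect only after the browser is relaunched, so collect the version from the running browser where possible.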

This critical update underscores the importance of maintaining up-to-date software to ensure maximum protection against evolving security threats.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
