Tuesday, May 6, 2025
HomeChromeCritical Chrome Vulnerability Exposes Users to Data Theft and Unauthorized Access

Critical Chrome Vulnerability Exposes Users to Data Theft and Unauthorized Access

Published on

SIEM as a Service

Follow Us on Google News

A critical security vulnerability has been discovered in Google Chrome, prompting an urgent update as millions of users worldwide face potential threats of data theft and unauthorized access.

The newly released Stable channel update—now available as version 135.0.7049.95/.96 for Windows and Mac, and 135.0.7049.95 for Linux—is being rolled out over the next few days and weeks, with users strongly advised to update immediately.

Multiple Security Flaws Discovered

This update addresses two major security flaws, with the most severe identified as CVE-2025-3619, a heap buffer overflow vulnerability found in Chrome’s Codecs component.

- Advertisement - Google News

Discovered and reported by security researcher Elias Hohl on April 9, 2025, this critical issue could enable attackers to execute arbitrary code, potentially allowing them to steal sensitive data, hijack browsing sessions, or gain unauthorized access to user accounts.

The second high-severity vulnerability, CVE-2025-3620, involves a use-after-free bug in Chrome’s USB functionality.

Reported by security researcher @retsew0x01 on March 21, 2025, this flaw could let attackers launch further exploits or cause the browser to crash unexpectedly.

Vulnerability IDSeverityDescriptionImpact
CVE-2025-3619CriticalHeap buffer overflow (memory flaw)Possible data theft, code execution
CVE-2025-3620HighUse-after-free bug (memory management flaw)Potential crashes, further exploitation

Heap buffer overflow vulnerabilities like CVE-2025-3619 are particularly dangerous.

If exploited, they may allow malicious actors to bypass Chrome’s security mechanisms, gain foothold over affected devices, and extract confidential information ranging from login credentials to financial data.

Meanwhile, use-after-free bugs can make Chrome unstable and open doors to additional attacks.

Given Chrome’s widespread usage across platforms and its integration into everyday workflows, these vulnerabilities represent a significant risk to both individual users and organizations.

Google has restricted access to specific bug details and technical links to prevent exploitation until the majority of Chrome users receive the fix.

The company also maintains restrictions if the vulnerability exists within third-party libraries that are crucial to multiple software projects.

Google’s Chrome Security Team has extended its gratitude to external researchers for their vital role in discovering and reporting these bugs, citing detection methods like AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL as essential tools in their efforts.

All Chrome users are urged to update their browsers immediately by navigating to Settings > Help > About Google Chrome.

This ensures protection against known vulnerabilities. Users who encounter new issues are encouraged to report them promptly.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Initial Access Brokers Play a Vital Role in Modern Ransomware Attacks

The ransomware threat landscape has evolved dramatically in recent years, with specialized cybercriminals like...

Darcula PhaaS: 884,000 Credit Card Details Stolen from 13 Million Global User Clicks

The Darcula group has orchestrated a massive phishing-as-a-service (PhaaS) operation, dubbed Magic Cat, compromising...

Microsoft Resolves Group Policy Issue Blocking Windows 11 24H2 Installation

Microsoft has resolved a critical enterprise-focused bug that blocked organizations from deploying Windows 11...

DragonForce Ransomware Targets Major UK Retailers, Including Harrods, Marks & Spencer, and Co-Op

Major UK retailers including Harrods, Marks and Spencer, and Co-Op are currently experiencing significant...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Initial Access Brokers Play a Vital Role in Modern Ransomware Attacks

The ransomware threat landscape has evolved dramatically in recent years, with specialized cybercriminals like...

Darcula PhaaS: 884,000 Credit Card Details Stolen from 13 Million Global User Clicks

The Darcula group has orchestrated a massive phishing-as-a-service (PhaaS) operation, dubbed Magic Cat, compromising...

Microsoft Resolves Group Policy Issue Blocking Windows 11 24H2 Installation

Microsoft has resolved a critical enterprise-focused bug that blocked organizations from deploying Windows 11...