Google has released a critical update for its Chrome browser, advancing the stable channel to version 134.0.6998.88 for Windows, Mac, and Linux, and 134.0.6998.89 for Windows and Mac on the Extended Stable channel.
This update includes several high-priority security fixes to safeguard users against potential threats. The rollout will occur over the coming days and weeks.
The latest update includes five security fixes, with several high-risk vulnerabilities being addressed. These were reported by external researchers and are detailed below:
| CVE Number | Risk Level | Description | Reporter Date |
| CVE-2025-1920 | High | Type Confusion in V8 | Excello s.r.o., 2025-02-21 |
| CVE-2025-2135 | High | Type Confusion in V8 | Zhenghang Xiao (@Kipreyyy), 2025-03-02 |
| CVE-TBD | High | Out of bounds write in GPU | Reported on 2025-03-05 |
| CVE-2025-2136 | Medium | Use after free in Inspector | Sakana.S, 2025-02-10 |
| CVE-2025-2137 | Medium | Out of bounds read in V8 | zeroxiaobai@, 2025-02-25 |
Several researchers received rewards for their contributions:
Google also acknowledged all security researchers who worked during the development cycle to prevent security bugs from reaching the stable channel.
Detailed instructions are available on the Chrome website for users interested in switching release channels.
If you encounter any issues following the update, you can report them by filing a bug or seeking assistance from the community help forum.
Users must update their browsers to protect themselves from the latest security vulnerabilities.
These updates often include fixes for high-risk issues like type confusion and out-of-bounds write/read scenarios, which can be exploited by malicious actors if left unpatched.
As always, vigilance and keeping software up-to-date are key measures in maintaining digital security.
Users are encouraged to keep an eye on the Chrome Security Page for more information and updates on security fixes.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom meeting…
A newly identified piece of malware, dubbed the "Hannibal Stealer," has emerged as a significant…
Advanced persistent threat (APT) groups with ties to China have become persistent players in the…
Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization (KASLR)…
Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known for…
A disturbing 67% of businesses in eight worldwide markets—the US, UK, Spain, the Netherlands, Germany,…
