Google has issued a vital security update for its Chrome browser, advancing the Stable channel to version 145.0.7632.159/160 on Windows and Mac, and 145.0.7632.159 on Linux. This update addresses ten security vulnerabilities, including three classified as Critical. The rollout will occur over the coming days and weeks.
Significance of the Update
The release follows responsible disclosures from independent security researchers and Google’s internal team, with bug bounties reaching up to $33,000 for a single flaw. Users are advised to update their browsers promptly, as detailed information on these bugs will remain restricted until most users have received the fix.
The three Critical vulnerabilities are an integer overflow in the ANGLE graphics layer, an object lifecycle problem in PowerVR, and another integer overflow in the Skia graphics engine. These were reported by researchers cinzinga, Zhihua Yao of KunLun Lab, and Symeon Paraschoudis, earning significant bounties.
Details of Vulnerabilities
The remaining seven vulnerabilities have been rated as High severity and impact various Chrome subsystems, such as V8, WebAssembly, CSS, and Navigation. These issues highlight the extensive attack surface that modern browsers present, as noted by Google’s advisory.
Critical vulnerabilities like integer overflow and heap buffer overflow can be exploited for remote code execution or sandbox escapes. Google’s development pipeline utilizes several automated detection tools to catch these memory safety issues before they reach users.
Recommended Actions for Users
Google advises users to update Chrome immediately by navigating to Settings → Help → About Google Chrome. Enterprise administrators should enforce this update across managed endpoints. Users are also encouraged to monitor the Chrome Security Page for full CVE disclosures post-rollout.
Although there is no evidence of active exploitation for these vulnerabilities at present, the Critical ratings emphasize the necessity for prompt patching by all Chrome users.
