Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code.
The update, rolling out across Windows, Mac, and Linux platforms, patches several high-severity vulnerabilities that pose significant risks to user security.
The most severe vulnerability addressed is CVE-2025-11205, a heap buffer overflow in WebGPU that earned security researcher Atte Kettunen from OUSPG a $25,000 bounty.
This high-severity flaw could potentially allow attackers to execute arbitrary code or crash the browser by exploiting memory corruption in the WebGPU implementation.
Another significant heap buffer overflow vulnerability, CVE-2025-11206, affects Chrome’s video processing functionality. Discovered by researcher Elias Hohl, this high-severity flaw earned a $4,000 reward and could enable attackers to manipulate video rendering processes to cause browser instability or crashes.
Information Leakage and Implementation Vulnerabilities
Chrome 141 addresses several medium-severity vulnerabilities that could compromise user privacy and browser functionality.
CVE-2025-11207 represents a side-channel information leakage vulnerability in Chrome’s storage system, potentially allowing attackers to extract sensitive data through timing attacks or other side-channel techniques.
Several inappropriate implementation vulnerabilities affect core browser components, including the Media system (CVE-2025-11208, CVE-2025-11212) and Omnibox functionality (CVE-2025-11209, CVE-2025-11213). These flaws could enable attackers to manipulate browser behavior or access unintended functionality.
The update includes critical fixes for Chrome’s V8 JavaScript engine, addressing CVE-2025-11215 (off-by-one error) and CVE-2025-11219 (use-after-free vulnerability).
Both vulnerabilities were discovered by Google’s Big Sleep AI system, highlighting the company’s investment in automated vulnerability detection. These JavaScript engine flaws could allow attackers to execute malicious code through crafted web content.
Google distributed over $50,000 in bug bounty rewards to external security researchers who discovered these vulnerabilities.
The highest individual payout of $25,000 reflects the severity of the WebGPU heap buffer overflow, while other rewards ranged from $1,000 to $5,000 depending on vulnerability impact and exploitability.
The Chrome security team emphasized that access to detailed vulnerability information remains restricted until most users update their browsers. This approach prevents malicious actors from exploiting known vulnerabilities before patches are widely deployed.
Chrome 141.0.7390.54 for Linux and versions 141.0.7390.54/55 for Windows and Mac are now available through automatic updates.
Users should ensure their browsers update automatically or manually check for updates through Chrome’s settings menu to protect against these serious security vulnerabilities that could result in browser crashes or compromise system security.
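For administrators who track browser versions across many machines, the check above can be automated. The following is an added example, not code from Google or from this article: it flags hosts whose reported Chrome version is below the fixed build 141.0.7390.54 named above. The inventory format, host names and sample version strings are constructed assumptions.

```python
import re

# Minimum fixed build per platform, taken from the versions stated in the article.
# Windows and Mac ship as .54 or .55, so .54 is used as the floor for all three.
# The platform keys are this example's own naming (assumption).
FIXED_BUILD = {
    "linux": (141, 0, 7390, 54),
    "windows": (141, 0, 7390, 54),
    "mac": (141, 0, 7390, 54),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version tuple from text such as a version banner."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def audit(inventory):
    """Map each host to 'patched', 'outdated' or 'unknown'."""
    results = {}
    for host, platform, version_text in inventory:
        version = parse_version(version_text)
        minimum = FIXED_BUILD.get(platform.lower())
        if version is None or minimum is None:
            results[host] = "unknown"      # unparsable banner or unlisted platform
        elif version >= minimum:           # numeric tuple compare, not string compare
            results[host] = "patched"
        else:
            results[host] = "outdated"
    return results


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("build-01", "linux", "Google Chrome 141.0.7390.54"),
    ("desk-17", "windows", "140.0.7339.208"),
    ("mac-04", "mac", "Google Chrome 141.0.7390.55"),
    ("kiosk-02", "linux", "Chromium (version not reported)"),
    ("desk-22", "windows", "Google Chrome 141.0.7390.9"),  # 9 < 54 numerically
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 141.0.7390.9 above 141.0.7390.54 and report an unpatched host as current.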