Google has released an urgent security update for Chrome after a high-severity vulnerability and several lower-severity flaws were found that could let attackers execute malicious code remotely on users' systems.
The most serious flaw, a use-after-free vulnerability in the browser's Compositing component, poses a significant risk to users who have not yet updated.
Flaws of this kind can be exploited to gain control of the browser process and, if chained with further bugs, of the affected system, potentially leading to data theft, malware installation, or broader compromise.
Users are strongly advised to update their Chrome installations immediately to version 137.0.7151.40/.41 for Windows and Mac.
High-Severity Security Flaw Discovered in Chrome Browser
On Wednesday, May 21, 2025, Google released an early stable update for the Chrome browser that includes eight security fixes; the five externally reported issues that received CVEs are described below.
The update was initially rolled out to a small percentage of users as part of Google's phased deployment strategy, but given the severity of the flaws, users should install the new build as soon as it is offered to them.
The most serious issue, CVE-2025-5063, is a use-after-free vulnerability in Compositing, the subsystem that handles how Chrome combines and renders the visual elements of a web page.
Google's security team assigned the issue a "High" severity rating, indicating significant potential for harm if exploited.
The vulnerability could potentially allow an attacker to execute code remotely by tricking a user into visiting a specially crafted website. In Chrome's multi-process design the affected code runs inside a sandboxed process, so on its own such a bug typically yields code execution within that sandbox; a second, sandbox-escape flaw would be needed to fully compromise the underlying system.
Use-after-free vulnerabilities are particularly dangerous because they involve memory being accessed after it has been freed; if an attacker can control what the freed memory is refilled with, the stale reference can be turned into arbitrary code execution.
The early stable channel is a routine part of Chrome's release process rather than a sign of active exploitation, and the bulletin does not report in-the-wild attacks on these issues; the high-severity rating alone, however, justifies patching promptly.
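As an added illustration of the bug class (not Chrome's code, and not the actual CVE-2025-5063 defect, whose details Google has kept restricted), the following C program shows a compositor-style object that is owned by one party and referenced through a raw pointer by another. In the unsafe path the owner frees the object while the back-pointer still points at it, so any later use reads freed heap memory; in the hardened path destruction also clears the non-owning reference and callers check for it before dereferencing. The types Layer and LayerClient and all function names are invented for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Invented toy "layer" object, of the kind a compositor keeps in a tree. */
typedef struct Layer {
    int id;
    int width, height;
} Layer;

/* Something holding a raw, non-owning pointer to a Layer, e.g. an observer
 * or a cached "current layer" slot. Invented for the example. */
typedef struct LayerClient {
    Layer *target;
} LayerClient;

Layer *make_layer(int id, int w, int h) {
    Layer *l = calloc(1, sizeof *l);
    if (!l) abort();
    l->id = id; l->width = w; l->height = h;
    return l;
}

/* VULNERABLE PATTERN: the owner frees the layer, but the client keeps its
 * raw pointer. Any later use through client->target is a use-after-free. */
void owner_destroy_layer_unsafe(Layer *layer) {
    free(layer);
}

int client_area_unsafe(const LayerClient *client) {
    /* After the free this reads freed heap memory: undefined behaviour,
     * which an attacker tries to turn into attacker-controlled data. */
    return client->target->width * client->target->height;
}

/* HARDENED PATTERN: destruction goes through one function that also clears
 * every known non-owning reference, and users check for NULL first.
 * (Chromium uses smart pointer types for this; explicit clearing is the
 * same idea in plain C.) */
void owner_destroy_layer_safe(Layer **slot, LayerClient *client) {
    if (*slot == NULL) return;
    if (client->target == *slot) client->target = NULL; /* detach observer first */
    free(*slot);
    *slot = NULL;   /* the owner's own pointer no longer dangles either */
}

int client_area_safe(const LayerClient *client) {
    if (client->target == NULL) return -1;   /* detached: refuse, don't dereference */
    return client->target->width * client->target->height;
}

/* Create, attach, destroy, then use. Returns the client's view after
 * destruction: -1 means the dangling use was refused; -2 means the object
 * was not even usable before destruction (should not happen). */
int run_safe_scenario(void) {
    Layer *root = make_layer(1, 1920, 1080);
    LayerClient client = { root };
    int before = client_area_safe(&client);          /* 1920 * 1080 */
    owner_destroy_layer_safe(&root, &client);
    int after = client_area_safe(&client);           /* -1 */
    return (before == 1920 * 1080) ? after : -2;
}

int main(void) {
#ifdef DEMO_UAF
    /* Build with -DDEMO_UAF -fsanitize=address to watch AddressSanitizer
     * report heap-use-after-free on the dereference in client_area_unsafe. */
    Layer *root = make_layer(1, 1920, 1080);
    LayerClient client = { root };
    owner_destroy_layer_unsafe(root);
    printf("unsafe area after free: %d\n", client_area_unsafe(&client));
#endif
    printf("safe area after free: %d\n", run_safe_scenario());
    return 0;
}
```

Without -DDEMO_UAF the program exercises only the hardened path and prints -1, showing the detached client refusing the stale reference. The unsafe path is left behind a compile-time switch because its behaviour is undefined; under AddressSanitizer it is reported deterministically, which is exactly how fuzzers surface this bug class in browsers.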
Medium and Low Severity Vulnerabilities
Additional vulnerabilities fixed in this update include:
CVE-2025-5064: A medium-severity inappropriate implementation in the Background Fetch API, reported by Maurice Dauer. Google has published no technical details; "inappropriate implementation" usually denotes a missing or incorrect check, which in Background Fetch could let a page bypass restrictions on background downloads or misuse the API in ways that affect the integrity of downloaded data. Google awarded a $4,000 bounty for this issue.
CVE-2025-5065: A medium-severity inappropriate implementation in the FileSystemAccess API, reported by NDevTK in 2022 and rewarded with $2,000. Because this API governs a site's access to local files the user has granted, a flaw in its permission handling could let a malicious site read or modify local files beyond what the user consented to.
CVE-2025-5066: A medium-severity inappropriate implementation in Chrome's Messages component, reported by Mohit Raj (shadow2639) in 2024 and rewarded with $1,000. Details remain restricted; the described risk is flawed policy enforcement that could let a site manipulate messages the browser presents to the user, potentially leading to data leaks.
CVE-2025-5067: A low-severity inappropriate implementation in the Tab Strip UI, reported by Khalil Zhani in 2023 and rewarded with $500. Although less serious, it could enable tab spoofing, where a malicious page makes a tab appear to belong to a different site, a useful primitive for phishing.
It is a reminder that UI-level flaws can mislead users even when no memory corruption is involved.
The security bulletin notes that "access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google's standard practice to limit the window in which attackers could learn from the patch before most users have installed it.
How to Update Your Chrome Browser
Updating Chrome is straightforward and provides protection as soon as the new version is running. To update Chrome:
Click the three-dot menu in the upper-right corner of Chrome.
Navigate to Help > About Google Chrome.
Chrome will automatically check for and install any available update.
Click Relaunch when prompted; the update is not active until the browser has been restarted, even though it has already been downloaded.
Verify that the version shown is 137.0.7151.40 or 137.0.7151.41 (Windows and Mac). Because this is a phased early stable rollout, the new build may not be offered to every installation immediately; if an older version is still shown, check again later.
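For anyone verifying a fleet rather than a single machine, the version check above comes down to comparing each reported version against the minimum patched build numerically, field by field; sorting the strings lexically gets it wrong, because "137.0.7151.9" sorts after "137.0.7151.40". The following C program is an added example, not Google's code or tooling, that performs this comparison and runs it over a constructed inventory. The hostnames and versions in sample_inventory are made up, and HostRecord and the function names are invented for the example.

```c
#include <stdio.h>
#include <string.h>

#define VERSION_FIELDS 4

/* Parse "a.b.c.d" into four non-negative ints. Returns 1 on success,
 * 0 on malformed input (too few fields, trailing junk, negative numbers). */
int parse_chrome_version(const char *s, int out[VERSION_FIELDS]) {
    char tail;   /* catches trailing junk such as "137.0.7151.40-beta" */
    int n = sscanf(s, "%d.%d.%d.%d%c", &out[0], &out[1], &out[2], &out[3], &tail);
    if (n != VERSION_FIELDS) return 0;
    for (int i = 0; i < VERSION_FIELDS; i++) if (out[i] < 0) return 0;
    return 1;
}

/* Returns <0, 0 or >0 like strcmp, but compares numerically field by field. */
int compare_chrome_versions(const int a[VERSION_FIELDS], const int b[VERSION_FIELDS]) {
    for (int i = 0; i < VERSION_FIELDS; i++) {
        if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
    }
    return 0;
}

/* 1 if `installed` is at or above `minimum`, 0 if below, -1 if unparseable. */
int chrome_is_patched(const char *installed, const char *minimum) {
    int a[VERSION_FIELDS], b[VERSION_FIELDS];
    if (!parse_chrome_version(installed, a) || !parse_chrome_version(minimum, b)) return -1;
    return compare_chrome_versions(a, b) >= 0;
}

/* Constructed sample inventory: hostname and the Chrome version it reported. */
typedef struct { const char *host; const char *version; } HostRecord;

static const HostRecord sample_inventory[] = {
    { "ws-001", "137.0.7151.40" },
    { "ws-002", "136.0.7103.114" },
    { "ws-003", "137.0.7151.41" },
    { "ws-004", "137.0.7151.4" },   /* a string compare would call this patched; it is not */
    { "ws-005", "unknown" },        /* inventory agent could not read the version */
};

/* Prints every host that is below `minimum` or unreadable; returns the count. */
int count_unpatched(const HostRecord *hosts, size_t n, const char *minimum) {
    int unpatched = 0;
    for (size_t i = 0; i < n; i++) {
        int r = chrome_is_patched(hosts[i].version, minimum);
        if (r == 1) continue;
        unpatched++;
        printf("%s: %s %s\n", hosts[i].host, hosts[i].version,
               r == 0 ? "needs update" : "version unreadable, check manually");
    }
    return unpatched;
}

int main(void) {
    size_t n = sizeof sample_inventory / sizeof sample_inventory[0];
    int bad = count_unpatched(sample_inventory, n, "137.0.7151.40");
    printf("%d of %zu hosts need attention\n", bad, n);
    return 0;
}
```

The version string fed to this check can be taken from chrome://version, from the About page described above, or from an inventory agent; on Windows the installed build is recorded in the registry value HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon\version, and on macOS in CFBundleShortVersionString inside the application bundle's Info.plist. Any such source reports the build on disk, not the one in memory: a host that has downloaded the update but not relaunched Chrome will look patched while still running the old code, so pair the version check with a relaunch policy.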
Security experts recommend enabling automatic updates for browsers and all other software so that newly discovered vulnerabilities are patched promptly; Chrome updates automatically by default, but an update only takes effect after a relaunch, so long-running browser sessions should be restarted regularly.
Users should also be cautious when visiting unfamiliar websites and avoid clicking suspicious links or downloading files from untrusted sources, although for a bug that is triggered simply by rendering a page, installing the patch is the only reliable defence.
Google's security team and the external researchers who reported these vulnerabilities through the Chrome Vulnerability Reward Program continue to monitor for signs of exploitation.