Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild

Posted on By CWS

Grafana has rolled out safety updates to deal with 4 high-severity vulnerabilities within the Chromium library used within the Grafana Picture Renderer plugin and Artificial Monitoring Agent.

An important of those points is CVE-2025-6554, a sort confusion in Chrome’s V8 JavaScript engine that may very well be exploited remotely to carry out arbitrary learn/write operations, which was exploited within the wild as a zero-day.

“Google is conscious that an exploit for CVE-2025-6554 exists within the wild,” Google mentioned final week, when it introduced that Chrome variations 138.0.7204.96/.97 for Home windows, variations 138.0.7204.92/.93 for macOS, and model 138.0.7204.96 for Linux comprise patches for the bug.

Grafana additionally launched patches for CVE-2025-5959, a sort confusion bug within the V8 engine that would permit distant attackers to execute arbitrary code throughout the sandbox, utilizing crafted HTML pages.

Google resolved the difficulty in Chrome variations 137.0.7151.103/.104 for Home windows and macOS, and in model 137.0.7151.103 for Linux.

Moreover, the Picture Renderer plugin and Artificial Monitoring Agent acquired patches for CVE-2025-6191, an integer overflow defect in Chrome’s V8 engine, and CVE-2025-6192, a use-after-free within the browser’s Profiler part.

Resolved in Chrome variations 137.0.7151.119/.120 for Home windows and macOS, and model 137.0.7151.119 for Linux, these flaws might permit distant attackers to probably carry out out-of-bounds reminiscence entry and exploit heap corruption, respectively.

In line with Grafana, these vulnerabilities influence Grafana Picture Renderer variations prior to three.12.9 and Artificial Monitoring Agent releases earlier than 0.38.3 and customers ought to replace to the patched iterations as quickly as attainable.Commercial. Scroll to proceed studying.

“Customers who function the Grafana Picture Renderer plugin or have a neighborhood set up of the Artificial Monitoring Agent are suggested to replace their programs,” Grafana says, noting that cloud deployments have been mechanically up to date.

Associated: Grafana Flaws Possible Focused in Broad SSRF Exploitation Marketing campaign

Associated: Code Execution Vulnerability Patched in GitHub Enterprise Server

Associated: Essential Authentication Bypass Flaw Patched in Teleport

Associated:Excessive-Severity Vulnerabilities Patched by Cisco, Atlassian

Security Week News Tags:, , , , , , ,

Related Posts

Apple Sends Fresh Wave of Spyware Notifications to French Users Security Week News
SonicWall Updates SMA 100 Appliances to Remove Overstep Malware Security Week News
Nvidia Triton Vulnerabilities Pose Big Risk to AI Models Security Week News
React Native Aria Packages Backdoored in Supply Chain Attack Security Week News
DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total  Security Week News
Wide Range of Malware Delivered in React2Shell Attacks Security Week News