Google has rolled out an pressing safety replace for its Chrome browser, addressing a high-severity use-after-free vulnerability that might enable attackers to execute arbitrary code on customers’ programs.
The patch is included in model 141.0.7390.107 for Linux and 141.0.7390.107/.108 for Home windows and macOS, which started deploying to the Steady channel this week.
Full launch notes element the adjustments, with the replace anticipated to succeed in most customers over the approaching days or perhaps weeks.
Chrome Use After Free Vulnerability
The flaw, tracked as CVE-2025-11756, resides in Chrome’s Secure Shopping characteristic, a core part designed to guard customers from malicious web sites and phishing makes an attempt.
Found by impartial researcher “as 9” on September 25, 2025, the vulnerability earned a $7,000 bounty underneath Google’s Vulnerability Reward Program.
Use-after-free errors happen when software program continues to reference reminiscence that has already been freed, doubtlessly resulting in crashes, knowledge corruption, or exploitation.
On this case, attackers may leverage the bug to inject and run malicious code, bypassing safety sandboxes and compromising your complete browser setting.
Google classifies the difficulty as excessive severity, emphasizing its potential for distant exploitation with out person interplay. Merely visiting a rigged webpage may set off the assault.
Whereas no widespread exploits have been reported within the wild, the corporate restricted bug particulars initially to make sure most customers replace earlier than particulars go public.
This aligns with Chrome’s proactive safety stance, the place entry to full disclosures is commonly delayed till patches propagate.
The repair was enhanced by Google’s suite of detection instruments, together with AddressSanitizer, MemorySanitizer, and libFuzzer, which help in figuring out memory-related bugs early in growth.
Google additionally prolonged due to exterior researchers for his or her contributions through the cycle, stopping different flaws from slipping into secure releases.
Customers ought to replace Chrome instantly through the browser’s settings menu or computerized rollout. As browser-based threats evolve, this incident underscores the significance of well timed patching in defending towards subtle assaults.
Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.
