Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Chrome High-Severity Vulnerabilities Allow Attackers to Execute Arbitrary Code

Google has released an urgent security update for its Chrome browser, addressing three critical vulnerabilities that could enable attackers to execute arbitrary code on users’ systems. The most concerning issues are two high-severity type confusion vulnerabilities in Chrome’s V8 JavaScript engine, both discovered and reported by security researcher Shaheen Fazim on July 9, 2025. Type confusion vulnerabilities occur when software accesses resources using incorrect data types, leading to unexpected behavior and potential security breaches. In the context of Chrome’s V8 JavaScript engine, these flaws can be particularly dangerous as they allow attackers to manipulate memory allocations and potentially execute arbitrary code through specially crafted web pages. The attack typically begins with attackers crafting malicious HTML pages containing specially designed JavaScript code that exploits these V8 engine vulnerabilities. Google’s security team has also acknowledged the work of various internal security initiatives, including AddressSanitizer, MemorySanitizer, and fuzzing techniques that help identify such vulnerabilities before they reach production. The V8 JavaScript engine, which powers not only Chrome but also other Chromium-based browsers like Microsoft Edge and Brave, processes billions of web interactions daily, making these vulnerabilities especially critical. When exploited, these flaws could allow attackers to bypass Chrome’s security sandbox and gain access to the underlying operating system. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Security experts report that vulnerabilities in 2024 rose by 61% compared to 2023, with nearly 50,000 vulnerabilities forecasted for 2025. “Type confusion, often combined with use-after-free, is the main attack vector to compromise modern C++ software like browsers,” according to cybersecurity researchers. These flaws, tracked as CVE-2025-8010 and CVE-2025-8011, represent significant threats to browser security.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Jul 2025 02:30:08 +0000

Cyber News related to Chrome High-Severity Vulnerabilities Allow Attackers to Execute Arbitrary Code

Multiple QNAP Severity Flaw Let Attackers Execute Remote Code - QNAP has released multiple security advisories for addressing several high, medium, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent. QNAP has also stated all the ...
1 year ago Gbhackers.com CVE-2023-39294 CVE-2023-39296 CVE-2023-47219 CVE-2023-47559 CVE-2023-47560 CVE-2023-41287 CVE-2023-41288 CVE-2022-43634 CVE-2023-41289

Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
1 year ago Bleepingcomputer.com CVE-2024-4947 CVE-2024-0519 CVE-2024-2887 CVE-2024-3159 CVE-2024-4671 CVE-2024-4761

Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
1 year ago Security.googleblog.com

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters

Chrome 120 Patches 10 Vulnerabilities - Google on Tuesday announced the release of Chrome 120 to the stable channel with patches for 10 vulnerabilities. Of the resolved issues, five were reported by external researchers, who received a total of $15,000 in bug bounty rewards, according to ...
1 year ago Securityweek.com CVE-2023-6508 CVE-2023-6509 CVE-2023-6345

Chrome High-Severity Vulnerabilities Allow Attackers to Execute Arbitrary Code - Google has released an urgent security update for its Chrome browser, addressing three critical vulnerabilities that could enable attackers to execute arbitrary code on users’ systems. The most concerning issues are two high-severity type ...
1 month ago Cybersecuritynews.com CVE-2025-8010

Google Chrome 0-Day Vulnerability Exploited in the Wild - Update Now - The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux to address four security issues, including a high-severity zero-day flaw. Google ...
3 months ago Cybersecuritynews.com CVE-2025-4609

Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373

Zoom stomps critical privilege escalation bug, 6 other flaws The Register - Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a ...
1 year ago Go.theregister.com CVE-2024-24691 CVE-2024-24690 CVE-2024-24695 CVE-2024-24696 CVE-2024-24697 CVE-2024-24698 CVE-2024-24699

Google fixes actively exploited sandbox escape zero day in Chrome - The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially ...
1 month ago Bleepingcomputer.com CVE-2025-7656

Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers. All the four externally reported security defects are high-severity memory safety flaws, but ...
1 year ago Securityweek.com CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225

Chrome 120 Update Patches High-Severity Vulnerabilities - Google on Tuesday announced the release of a Chrome 120 security update that addresses nine vulnerabilities, six of which were reported by external researchers. Of the externally reported flaws, five have a severity rating of 'high', four of which ...
1 year ago Securityweek.com CVE-2023-6702

Google Chrome Use After Free Flaw Let Attacker Hijack Browser - The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows, is now available and will shortly be rolled out to all users. The Extended Stable channel has been updated to ...
1 year ago Gbhackers.com

Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213

Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
1 year ago Securityweek.com CVE-2024-36985 CVE-2024-36984

Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
1 year ago Cybersecuritynews.com CVE-2023-44286 CVE-2023-44284 CVE-2023-48668 CVE-2023-44277 CVE-2023-48667 CVE-2023-44279 CVE-2023-44278 CVE-2023-44285

Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches - A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data. Ivanti patched a critical command injection vulnerability in its Cloud Services Appliance (CSA), ...
6 months ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-53704 CVE-2024-52875 CVE-2023-20198 CVE-2023-20273 Winnti Group

ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability - Siemens and Schneider Electric have published their Patch Tuesday advisories for December 2023, addressing dozens of vulnerabilities affecting their products. Siemens has published 12 advisories that cover more than 30 vulnerabilities. The industrial ...
1 year ago Securityweek.com CVE-2022-42784 CVE-2022-0543

DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
11 months ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124

Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
1 year ago Cybersecurity-insiders.com

Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits - Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users' data security. Multiple Vulnerabilities Discovered in LG WebOS Smart TVs. Type of vulnerability: Authorization bypass, ...
1 year ago Esecurityplanet.com CVE-2024-21894 CVE-2024-29990 CVE-2024-3383 CVE-2024-3400

Why CVEs Are an Incentives Problem - I've been thinking about some of these unintended consequences in the context of a growing problem faced by all of us in cybersecurity: how a fast-rising tide of software vulnerabilities tracked as common vulnerabilities and exposures - are reported ...
1 year ago Darkreading.com

Google Chrome 120 Released with Patch for 10 Critical Security Flaws - Google has recently released Chrome 120 for Windows, Mac, and Linux. This version of Chrome comes with 10 security patches to ensure a safer browsing experience for its users. The most recent versions of Chrome available to users are 120.0.6099.62 ...
1 year ago Cybersecuritynews.com CVE-2023-6508 CVE-2023-6511 CVE-2023-6512

Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update - In what's sure to be a refreshing break for IT and security teams, Microsoft's monthly security update for December 2023 contained fewer vulnerabilities for them to address than in recent months. The update included fixes for a total of 36 ...
1 year ago Darkreading.com CVE-2023-35618 CVE-2023-35641 CVE-2023-35630 CVE-2023-35636 CVE-2023-36696