According to an announcement published on Tuesday, May 6, 2025, the stable channel has been updated to version 136.0.7103.92/.93 for Windows and Mac systems and 136.0.7103.92 for Linux platforms. The primary security fix addresses CVE-2025-4372, a Use-After-Free (UAF) vulnerability in Chrome’s WebAudio API. The vulnerability has received an exceptionally high rating because it requires no user privileges and minimal user interaction to exploit.

Huang Xilin of Ant Group Light-Year Security Lab discovered and reported the vulnerability on April 20, 2025, earning a $7,000 bounty as part of Google’s vulnerability rewards program. Similar vulnerabilities, including CVE-2023-6345 and CVE-2024-0224, were discovered in previous versions, highlighting the consistent security challenges posed by complex audio processing in web browsers.

The update includes various security improvements from internal audits, fuzzing, and other initiatives, in addition to the WebAudio vulnerability fix. Google’s security team emphasized that many of their security bugs are detected using specialized tools, including AddressSanitizer (ASan), MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.

Security experts recommend manually updating immediately by navigating to Chrome’s settings (chrome://settings/help) to check for and install the latest version.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents happening in cyberspace.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 07 May 2025 07:29:57 +0000