The repeated appearance of type confusion flaws suggests that Chrome’s JavaScript engine remains a high-value target for attackers, necessitating continuous scrutiny by Google’s security teams. This update follows a pattern of heightened scrutiny on Chrome’s V8 JavaScript engine and GPU components, both of which remain prime targets for exploitation. For instance, a crafted HTML page exploiting CVE-2025-1920 could corrupt heap memory, bypassing Chrome’s sandbox protections to install malware or exfiltrate data. These medium-severity issues, reported by Sakana.S ($3000 bounty) and zeroxiaobai@ ($2000 bounty) respectively, highlight persistent memory management challenges in Chrome’s subsystems. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. CVE-2025-1920, reported by Excello s.r.o., earned a $7,000 bounty, while CVE-2025-2135, identified by Zhenghang Xiao (@Kipreyyy), underscores ongoing risks in V8’s architecture. The most critical fixes target CVE-2025-1920 and CVE-2025-2135, two types of confusion vulnerabilities in the V8 JavaScript engine. Simultaneously, the Extended Stable Channel—used primarily by enterprises for phased testing—has been updated to 134.0.6998.89 for Windows and Mac, with a gradual rollout planned over the coming weeks. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 07:35:06 +0000