CyberSecurityBoard
Sponsor Register Login

Critical Chrome Vulnerability Let Attackers Execute Arbitrary Code

The vulnerability, which could allow attackers to execute arbitrary code through specially crafted web pages, prompted an urgent update release to address the issue before widespread exploitation. The update will roll out over the coming days and weeks, but users should not wait for automatic updates and should manually verify they are running the latest version, especially given the critical nature of this security issue. Google has implemented a standard practice of restricting detailed vulnerability information until a majority of users have updated their browsers, providing a critical protection window for users to secure their systems. The security flaw tracked as CVE-2025-2476 has been classified as a critical use-after-free (UAF) memory vulnerability in Chrome’s Lens component. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The stable channel has been updated to version 134.0.6998.117/.118 for Windows and Mac and 134.0.6998.117 for Linux users. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code with the same privileges as the logged-in user. In practical terms, when malicious data is introduced before memory consolidation occurs, attackers can potentially leverage this condition to execute arbitrary code on affected systems. Google’s AddressSanitizer, a memory error detection tool, is specifically designed to identify such flaws during development phases, highlighting their significance in modern browser security. While no active exploitation has been confirmed in the wild, Google’s critical rating underscores the urgency of users updating immediately. The Extended Stable channel has also been updated to version 134.0.6998.89 for Windows and Mac systems. On March 19, 2025, Google released security updates to address the vulnerability. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. The vulnerability affects Chrome versions before 134.0.6998.117/.118 on Windows and Mac and 134.0.6998.117 on Linux platforms. A sophisticated threat actor dubbed "Weaver Ant," Web Shell Whisperer has emerged from China, deploying advanced web shell payloads across critical infrastructure sectors worldwide.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 24 Mar 2025 11:30:05 +0000


Cyber News related to Critical Chrome Vulnerability Let Attackers Execute Arbitrary Code

Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
11 months ago Security.googleblog.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters
Google Chrome 0-Day Vulnerability Exploited in the Wild - Update Now - The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux to address four security issues, including a high-severity zero-day flaw. Google ...
1 month ago Cybersecuritynews.com CVE-2025-4609
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373
Critical Chrome Vulnerability Let Attackers Steal Data & Gain Unauthorized Access - Google has issued an urgent security update for its Chrome browser after two critical vulnerabilities were discovered. This vulnerability can allow attackers to execute arbitrary code by exploiting how Chrome processes certain media files, ...
2 months ago Cybersecuritynews.com CVE-2025-3619
Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
1 year ago Bleepingcomputer.com CVE-2024-4947 CVE-2024-0519 CVE-2024-2887 CVE-2024-3159 CVE-2024-4671 CVE-2024-4761
Google Chrome Vulnerability Let Attackers Escape Payload from Sandbox - Technical Details Disclosed - A critical vulnerability in Google Chrome has recently been discovered that allows malicious actors to break out of the browser’s protective sandbox environment, potentially giving attackers access to the underlying operating system. This ...
1 month ago Cybersecuritynews.com
Alert: New Chrome Zero-Day Vulnerability Being Exploited - Google, in light of recent events, has launched a critical update for a high-severity Chrome zero-day vulnerability. As per recent reports, Google claims that the vulnerability has been actively exploited. It's worth noting that the vulnerability ...
1 year ago Securityboulevard.com CVE-2023-7024 CVE-2023-2033 CVE-2023-2136 CVE-2023-3079 CVE-2023-4762 CVE-2023-6345
Critical Chrome Vulnerability Let Attackers Execute Arbitrary Code - The vulnerability, which could allow attackers to execute arbitrary code through specially crafted web pages, prompted an urgent update release to address the issue before widespread exploitation. The update will roll out over the coming days and ...
2 months ago Cybersecuritynews.com CVE-2025-2476
Multiple Chrome Vulnerabilities Let Attackers Execute Arbitrary Code - Enterprise administrators can force updates through group policies (version 135.0.7049.52+). Google has restricted detailed technical disclosures until most users update, following standard coordinated vulnerability disclosure practices. The stable ...
2 months ago Cybersecuritynews.com CVE-2025-3066
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
8 months ago Cyberdefensemagazine.com Akira
Google Chrome now auto-upgrades to secure connections for all users - Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October ...
1 year ago Bleepingcomputer.com
Google Takes Down Over 50,000 Instances of Malicious Chrome Extensions - Google recently took down over 50,000 Chrome browser extensions after discovering that they were involved in malicious activity. The malicious activity included advertising click fraud, downloading malware, and displaying adware. According to Google, ...
2 years ago Thehackernews.com
Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
1 year ago Bleepingcomputer.com
Google Chrome To Roll Out Real-Time Phishing Protection - Google Chrome has been protecting users from malicious websites and files with Safe Browsing, which maintains a locally-stored list updated every 30-60 minutes. To address it, Chrome is introducing a new version of Safe Browsing that provides ...
1 year ago Cybersecuritynews.com
Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers. All the four externally reported security defects are high-severity memory safety flaws, but ...
1 year ago Securityweek.com CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
1 year ago Bleepingcomputer.com Hunters
Google Releases Eighth Zero-Day Patch of 2023 for Chrome - Google has issued an urgent update to address a recently discovered vulnerability in Chrome that has been under active exploitation in the wild, marking the eighth zero-day vulnerability identified for the browser in 2023. Identified as ...
1 year ago Darkreading.com CVE-2023-7024
Threat Actors Exploiting DLL Side-Loading Vulnerability in Google Chrome to Execute Malicious Payloads - Cybersecurity researchers have identified a concerning new attack vector where threat actors are actively exploiting a vulnerability in Google Chrome version 133.0.6943.126 through DLL side-loading techniques. This sophisticated attack allows ...
3 months ago Cybersecuritynews.com
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
1 year ago Cisa.gov
Chrome Use After Free Vulnerability Let Attackers Execute Remote Code - Security experts indicate that successful exploitation of this vulnerability would likely begin with a specially crafted webpage containing JavaScript code designed to trigger memory corruption. The high-severity Vulnerability tracked as ...
2 months ago Cybersecuritynews.com CVE-2025-3066
Google Chrome's new "IP Protection" will hide users' IP addresses - Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to ...
1 year ago Bleepingcomputer.com
Chrome New Safety Check Feature Checks for Hacked Passwords - Google Chrome, the leading browser, has recently launched a new safety check feature that can help users save their tab groups and optimize memory usage. With this new feature, users can now ensure that their browser is running smoothly and ...
1 year ago Cybersecuritynews.com
User-Friendly Update: Clear Your Chrome History on Android with Ease - As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience - one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. Chrome has made deleting users' ...
1 year ago Cysecurity.news
Google Chrome adds new AI features to boost productivity and creativity - Google's popular web browser, Chrome, is getting a makeover with the latest release of Chrome M121, which introduces three new generative AI features that aim to make browsing easier, more efficient and more personalized. The new features, which are ...
1 year ago Venturebeat.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)