Critical Chrome Vulnerability Let Attackers Steal Data & Gain Unauthorized Access

Google has issued an urgent security update for its Chrome browser after two critical vulnerabilities were discovered. This vulnerability can allow attackers to execute arbitrary code by exploiting how Chrome processes certain media files, potentially leading to full system compromise and data theft. Security agencies and Google strongly urge all Chrome users to update their browsers immediately to the latest stable version. Google credits external security researchers Elias Hohl and @retsew0x01 for reporting the vulnerabilities, highlighting the importance of collaboration in maintaining browser security. Users who store passwords, credit card details, or personal information in Chrome are especially vulnerable to identity theft and fraud if the browser is not updated promptly. Security experts warn that these vulnerabilities are particularly dangerous because they can be exploited remotely, requiring only that a user visit a malicious website or interact with compromised content. Once exploited, attackers could steal passwords, financial information, and other sensitive data stored in the browser or even take control of the affected device. These vulnerabilities could allow attackers to steal sensitive data and gain unauthorized access to users’ systems. The vulnerabilities impact all users running outdated versions of Google Chrome on desktop platforms. Google has responded by releasing Chrome version 135.0.7049.95/.96 for Windows and Mac and 135.0.7049.95 for Linux, which addresses these critical flaws. Cybersecurity experts emphasize that regular browser updates are essential to protect against evolving threats and prevent data breaches or system compromise. The flaws, identified as CVE-2025-3619 and CVE-2025-3620, affect Chrome versions prior to 135.0.7049.95/.96 for Windows and Mac and 135.0.7049.95 for Linux. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The company’s internal security tools, including AddressSanitizer, MemorySanitizer, and libFuzzer, played a key role in detecting and mitigating these threats before they could be widely exploited. The second, CVE-2025-3620, is a “use-after-free” flaw in the USB component, which could also be leveraged to execute malicious code or gain unauthorized access to the system. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 02:00:12 +0000

Cyber News related to Critical Chrome Vulnerability Let Attackers Steal Data & Gain Unauthorized Access

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
8 months ago Aws.amazon.com

CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago

Critical Chrome Vulnerability Let Attackers Steal Data & Gain Unauthorized Access - Google has issued an urgent security update for its Chrome browser after two critical vulnerabilities were discovered. This vulnerability can allow attackers to execute arbitrary code by exploiting how Chrome processes certain media files, ...
2 months ago Cybersecuritynews.com CVE-2025-3619

Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
11 months ago Security.googleblog.com

Penetration Testing for Sensitive Data Exposure in Enterprise Networks: Everything You Need to Know! - The amount of data enterprises store is much bigger than SMBs. A lot of this data includes sensitive information of customers and clients such as bank details, social security numbers, emails, contact numbers, etc. For those new to data security, ...
1 year ago Securityboulevard.com

How To Implementing MITRE ATT&CK In SOC Workflows - A Step-by-Step Guide - By understanding the framework, mapping your current capabilities, developing targeted detection and response strategies, and integrating ATT&CK into your tools and processes, you can build a proactive, threat-informed defense that evolves ...
2 months ago Cybersecuritynews.com

CVE-2007-0228 - The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) ...
7 years ago

Guarding Kubernetes From the Threat Landscape - DZone - If compromised, attackers can exploit these broad permissions to manipulate deployments, introduce malicious code, gain unauthorized access to critical systems, steal sensitive data, or create backdoors for ongoing access. Part of the security ...
8 months ago Feeds.dzone.com

Data Protection in Educational Institutions - This article delves into the significance of data protection in educational institutions, emphasizing three key areas: the types of educational data, data privacy regulations, and data protection measures. Lastly, robust data protection measures are ...
1 year ago Securityzap.com

Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
1 year ago Feeds.dzone.com

Data Classification: Your 5 Minute Guide - Data classification has become a vital component of data security governance. With the rise of virtual data networks, organizations must take necessary measures to protect and secure confidential information. Data classification is the process of ...
2 years ago Tripwire.com

Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
1 year ago Venturebeat.com

Data Loss Prevention for Business: Strategies and Tools - Data Loss Prevention has become crucial in today's data-driven business landscape to protect sensitive information. This discussion aims to provide valuable insights into DLP strategies and tools for business, helping mitigate data loss risks ...
1 year ago Securityzap.com

Developing Software Applications Under the Guidance of Data-Driven Decision-Making Principles - To architect and cultivate an application that yields precise outputs in alignment with business requirements, paramount emphasis must be given to the foundational data and the pertinent data scenarios shaping the application. Software application ...
1 year ago Feeds.dzone.com

Google Chrome 0-Day Vulnerability Exploited in the Wild - Update Now - The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux to address four security issues, including a high-severity zero-day flaw. Google ...
1 month ago Cybersecuritynews.com CVE-2025-4609

Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com

Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
1 year ago Helpnetsecurity.com

Data Classification Software Features to Look Out For - For organizations looking to improve their data protection and data compliance strategies, technology is essential. Implementation of the right software can help you gain visibility into your company's data, improving your ability to protect customer ...
1 year ago Securityboulevard.com

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) - Software Name Software Slug 012 Ps Multi Languages 012-ps-multi-languages ABC APP CREATOR abcapp-creator Absolute Reviews absolute-reviews Accordion accordions Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded Advanced File ...
8 months ago Wordfence.com Slug

CVE-2023-52587 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

CVE-2019-13363 - admin.php?pagenotification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, ...
2 years ago

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters

When a Data Mesh Doesn't Make Sense - The data mesh is a thoughtful decentralized approach that facilitates the creation of domain-driven, self-service data products. Data mesh-including data mesh governance-requires the right mix of process, tooling, and internal resources to be ...
1 year ago Feeds.dzone.com

Weekly Cyber Security News Letter - Last Week's Top Cyber Attacks & Vulnerabilities - A critical vulnerability in Windows Defender Application Control (WDAC) has been uncovered, allowing attackers to bypass strict security policies using WinDbg Preview, a Microsoft Store app. A vulnerability in the FireEye EDR agent allows attackers ...
1 month ago Cybersecuritynews.com Hunters Akira

Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373