Google has released an urgent security update for Chrome to patch a critical vulnerability that hackers are actively exploiting in the wild. The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux, to address four security issues, including a high-severity zero-day flaw.

Security researchers have identified CVE-2025-4664 as the most serious vulnerability in this release. This flaw allows attackers to bypass security policies, potentially enabling unauthorized code execution and cross-origin data leaks through specially crafted HTML pages. “The flaw allows an attacker to bypass security policies within Chrome’s Loader logic, potentially leading to unauthorized code execution or sandbox escape,” explained security experts tracking the issue. The vulnerability was initially disclosed via an X post by security researcher @slonser_ on May 5, 2025, indicating that malicious actors may have been exploiting the flaw for days or weeks before the patch was released. Google confirmed they are “aware of reports that an exploit for CVE-2025-4664 exists in the wild,” elevating the urgency for users to update immediately.

In addition to the zero-day vulnerability, the Chrome update addresses another high-severity flaw, CVE-2025-4609, which involves “incorrect handle provided in unspecified circumstances in Mojo”. Security researchers explain that bugs in Chrome’s Mojo IPC (Inter-Process Communication) layer can lead to serious issues like privilege escalation and memory corruption in complex, multi-process applications like Chrome. Chrome’s security team credited external researchers, including @slonser_ and a researcher named Micky who reported the Mojo vulnerability on April 22, for identifying these security issues.

Android users will receive Chrome 136.0.7103.125 through Google Play, which contains the same security fixes as the desktop versions. The update will roll out automatically over the coming days and weeks, but security experts recommend manually checking for updates given the critical nature of this vulnerability. Users can verify their Chrome version and trigger an update by navigating to “chrome://settings/help” in their browser.

This incident highlights the ongoing security challenges faced by web browsers that process untrusted content from the internet. Google’s ongoing internal security efforts, including tools like AddressSanitizer, which have found over 300 bugs in Chromium, continue to strengthen Chrome’s security posture. Google continues to incentivize security researchers to find and report vulnerabilities through its bug bounty program, with rewards of up to $250,000 for discovering critical security flaws. The company’s proactive approach to security, including rapid patch deployment and transparent disclosure of vulnerabilities, remains crucial in protecting billions of users worldwide.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 15 May 2025 03:05:04 +0000