Google has rolled out a critical security update for Chrome 135 across all desktop platforms. The stable channel update (135.0.7049.52 for Linux, 135.0.7049.41/42 for Windows/macOS) comes with urgent patches for multiple memory corruption and implementation flaws actively exploited in the wild. The update addresses fourteen vulnerabilities, including high-severity flaws that could enable remote code execution.

The most severe vulnerability (CVE-2025-3066) involves a use-after-free flaw in navigation processes that could let attackers execute arbitrary code via crafted web pages. Reported by Sven Dysthe through Chrome’s Vulnerability Reward Program, this memory corruption flaw carries a “High” severity rating.

External researchers claimed $17,000 in bounties for identifying vulnerabilities, with TU Wien researcher Philipp Beer receiving the highest individual payout. Notably, one extension vulnerability report dates back to 2017, revealing long-standing architectural issues in Chrome’s permission model. The inclusion of vulnerabilities reported as early as 2017 suggests some architectural limitations persist in the browser’s 16-year-old codebase. This update highlights Chrome’s ongoing security challenges despite massive investments in sandboxing and process isolation.

Enterprise administrators can force updates through group policies (version 135.0.7049.52+). Google has restricted detailed technical disclosures until most users update, following standard coordinated vulnerability disclosure practices.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Apr 2025 11:10:06 +0000