Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code.
The update, rolling out across Windows, Mac, and Linux platforms, patches several high-severity vulnerabilities that pose significant risks to user security.
The most severe vulnerability addressed is CVE-2025-11205, a heap buffer overflow in WebGPU that earned security researcher Atte Kettunen from OUSPG a $25,000 bounty.
This high-severity flaw could potentially allow attackers to execute arbitrary code or crash the browser by exploiting memory corruption in the WebGPU implementation.
Another significant heap buffer overflow vulnerability, CVE-2025-11206, affects Chrome’s video processing functionality. Discovered by researcher Elias Hohl, this high-severity flaw earned a $4,000 reward and could enable attackers to manipulate video rendering processes to cause browser instability or crashes.
Information Leakage and Implementation Vulnerabilities
Chrome 141 addresses multiple medium-severity vulnerabilities that could compromise user privacy and browser functionality.
CVE-2025-11207 represents a side-channel information leakage vulnerability in Chrome’s storage system, potentially allowing attackers to extract sensitive data through timing attacks or other side-channel methods.
Several inappropriate implementation vulnerabilities affect core browser components, including the Media system (CVE-2025-11208, CVE-2025-11212) and Omnibox functionality (CVE-2025-11209, CVE-2025-11213). These flaws could enable attackers to manipulate browser behavior or access unintended functionality.
The update includes critical fixes for Chrome’s V8 JavaScript engine, addressing CVE-2025-11215 (off-by-one error) and CVE-2025-11219 (use-after-free vulnerability).
Both vulnerabilities were discovered by Google’s Big Sleep AI system, highlighting the company’s investment in automated vulnerability detection. These JavaScript engine flaws could allow attackers to execute malicious code through crafted web content.
Google distributed over $50,000 in bug bounty rewards to external security researchers who discovered these vulnerabilities.
The highest individual payout of $25,000 reflects the severity of the WebGPU heap buffer overflow, while other rewards ranged from $1,000 to $5,000 depending on vulnerability impact and exploitability.
The Chrome security team emphasized that access to detailed vulnerability information remains restricted until most users update their browsers. This approach prevents malicious actors from exploiting known vulnerabilities before patches are widely deployed.
Chrome 141.0.7390.54 for Linux and versions 141.0.7390.54/55 for Windows and Mac are now available through automatic updates.
Users should ensure their browsers update automatically or manually check for updates through Chrome’s settings menu to protect against these serious security vulnerabilities that could result in browser crashes or compromise system security.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
