Chrome Security Update – Patch For 16 Vulnerabilities

   January 15, 2025  Posted in GBHackers


Google has released a significant security update for its Chrome browser, addressing 16 vulnerabilities in version 132.0.6834.83/84 for Windows, Mac, and Linux platforms.

This update, which will be rolled out over the coming days and weeks.

While this security update includes several critical fixes and improvements to enhance the security of the web browser.

The update addresses five high-severity vulnerabilities:

  1. CVE-2025-0434: Out of bounds memory access in V8 ($7000 bounty)
  2. CVE-2025-0435: Inappropriate implementation in Navigation ($7000 bounty)
  3. CVE-2025-0436: Integer overflow in Skia ($3000 bounty)
  4. CVE-2025-0437: Out of bounds read in Metrics ($2000 bounty)
  5. CVE-2025-0438: Stack buffer overflow in Tracing (bounty to be determined)

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Medium & Low-severity Vulnerabilities

The update also fixes several medium and low-severity vulnerabilities, including:-

  • Race condition in Frames
  • Inappropriate implementations in Fullscreen, Fenced Frames, and Payments
  • Insufficient data validation in Extensions

Here below we have mentioned all the medium and low-severity CVE IDs along with their severity:-

  • CVE-2025-0439 (Medium)
  • CVE-2025-0440 (Medium)
  • CVE-2025-0441 (Medium)
  • CVE-2025-0442 (Medium)
  • CVE-2025-0443 (Medium)
  • CVE-2025-0446 (Low)
  • CVE-2025-0447 (Low)
  • CVE-2025-0448 (Low)

Google acknowledges the contributions of external security researchers who reported these vulnerabilities.

The company awarded bounties ranging from $1000 to $7000 for the discovered issues, demonstrating its commitment to collaborating with the security community to improve Chrome’s safety.

In addition to addressing externally reported vulnerabilities, Google’s internal security team has implemented various fixes resulting from audits, fuzzing, and other initiatives.

The company employs advanced security tools such as AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer to detect and prevent security bugs.

Users are encouraged to update their Chrome browsers to the latest version to benefit from these security patches.

The update will be automatically rolled out, but users can manually check for updates by navigating to Chrome’s settings and clicking on “About Chrome.”

This approach helps Google to protect users from potential exploitation of known and evolving vulnerabilities.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!



Source link