Google has released a critical update for the Chrome browser, addressing three high-severity security vulnerabilities. This patch, part of the latest Stable channel release, ensures users remain protected from potential threats.
The new version rolled out progressively, underscores Chrome’s commitment to providing a secure browsing environment. Users are urged to update their browsers promptly to guard against exploitation.
Stable Channel Updates
The latest Chrome update applies to the Stable channel, with versions 132.0.6834.110/111 now available for Windows and Mac users, and 132.0.6834.110 available for Linux.
Additionally, the Extended Stable channel has been updated to the same versions for Windows and Mac. Over the next few days and weeks, these versions will be distributed globally to ensure a seamless transition.
Users interested in exploring the technical updates in this release can access the detailed change log through the Chrome Release Log, which highlights the modifications and improvements introduced.
Are you from SOC/DFIR Teams? - Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
Addressing Security Vulnerabilities
This update addresses three high-severity vulnerabilities that could have left users’ systems vulnerable to exploitation.
Two of these issues were reported by external researchers, while the third fix addresses multiple risks identified through internal audits. Below are the details of the patched vulnerabilities:
CVE-2025-0611: Object Corruption in V8
CVE-2025-0611 is a high-severity vulnerability stemming from object corruption in Chrome’s V8 JavaScript engine, which powers much of the browser’s functionality.
This flaw could allow attackers to execute arbitrary code or disrupt the browser’s operations. The issue was reported by a researcher identified as “303f06e3” on December 26, 2024. Google awarded a bounty of $11,000 to the researcher for this critical discovery.
CVE-2025-0612: Out-of-Bounds Memory Access in V8
CVE-2025-0612 is another high-severity vulnerability affecting the V8 engine. It involves out-of-bounds memory access, which could potentially expose sensitive user data or permit the execution of unauthorized code.
This issue was reported by researcher Alan Goodman on December 20, 2024, earning him a security bounty of $8,000.
In addition to the externally reported vulnerabilities, this release includes fixes stemming from Google’s internal security audits and testing tools such as AddressSanitizer, MemorySanitizer, and libFuzzer.
These proactive efforts are designed to identify and address security gaps before they can be exploited. While specific details about these improvements remain restricted, they collectively enhance Chrome’s overall security.
Google has emphasized that access to detailed bug information will remain restricted until most users have received the update.
This approach prevents malicious actors from exploiting the vulnerabilities before a majority of systems are protected. Chrome’s security team also thanked external researchers for their valuable contributions, which play a crucial role in identifying and addressing these issues.
To further strengthen its security ecosystem, Google relies on advanced tools such as Control Flow Integrity and UndefinedBehaviorSanitizer to pre-emptively detect and mitigate risks.
Chrome users are strongly advised to check that their browser is up-to-date. To update, open Chrome, navigate to Help > About Google Chrome, and allow the browser to download and install the update automatically.
Once the process is complete, relaunch Chrome to apply the update and ensure that the patched version is active.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar