The Chrome team has announced that the Stable channel has been updated to 131.0.6778.264/.265 for Windows and macOS, and 131.0.6778.264 for Linux.
Google Addressed a high severity vulnerability type confusion issue in the V8 JavaScript engine allowing attachers to execute arbitrary code remotely.
This update will be gradually rolled out over the coming days and weeks. As always, users are encouraged to update their browsers to benefit from the latest security improvements and features.
Key Highlights of the Update
This release includes four important security fixes, one of which is highlighted below. While details of some bugs are restricted to protect users during the rollout process, the Chrome team has shared key information about a high-severity fix contributed by an external researcher.
CVE-2025-0291 is a high-severity vulnerability involving a type confusion issue in the V8 JavaScript engine. This flaw occurs when the engine misinterprets an object’s type during execution, leading to unexpected behavior or potential security risks.
Attackers can exploit this vulnerability by crafting malicious JavaScript code designed to trigger the type confusion.
By doing so, they can potentially execute arbitrary code, bypass security measures like sandboxes, or cause application crashes.
The vulnerability was reported by Popax21 on December 11, 2024, and carries a reward of $55,000.
The update also includes various fixes stemming from rigorous internal audits, fuzzing tools, and other security initiatives.
In addition to external contributions, Chrome’s internal security team continues its ongoing efforts to detect and resolve vulnerabilities before they reach the Stable channel.
Tools like AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL play a critical role in identifying and addressing security issues.
Reporting Issues and Release Channels
Chrome welcomes feedback from its user community. If you encounter a new issue, you can report it by filing a bug. Additionally, the Chrome Community Help Forum offers a valuable space to learn about common issues and seek assistance.
For users interested in testing features or updates in development, Chrome offers different release channels, including Beta, Dev, and Canary. You can learn more about switching channels here.
To ensure the best browsing experience and stay protected from potential vulnerabilities, users are advised to update their browsers as soon as the new version becomes available.
ANY.RUN Threat Intelligence Lookup - Extract Millions of IOC's for Interactive Malware Analysis: Try for Free