Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code on victims’ computers.
The flaw, tracked as CVE-2025-11756, affects Chrome’s Safe Browsing feature and has earned a High severity rating from Google’s security team.
Critical Vulnerability in Chrome’s Safe Browsing Feature
The newly discovered security flaw represents a serious threat to Chrome users worldwide. Use-after-free vulnerabilities occur when a program continues to use memory after it has been freed, creating an opportunity for attackers to manipulate that memory space.
In this case, the vulnerability exists within Chrome’s Safe Browsing component, which is designed to protect users from malicious websites and downloads.
Security researcher “asnine” discovered and reported this vulnerability on September 25, 2025, earning a substantial $7,000 reward from Google’s bug bounty program.
The company has acknowledged the researcher’s contribution to improving Chrome’s security for millions of users globally.
When successfully exploited, this use-after-free vulnerability could allow attackers to execute arbitrary code on a victim’s system.
This means cybercriminals could potentially install malware, steal sensitive information, or gain unauthorized access to the affected computer.
The vulnerability’s location in the Safe Browsing feature is particularly concerning since this component runs with elevated privileges to protect users from online threats.
In response to this High-severity flaw, Google has promptly released Chrome version 141.0.7390.107/.108 for Windows and Mac systems, and version 141.0.7390.107 for Linux.
The update began rolling out on October 14, 2025, and will reach all users over the coming days and weeks.
Google has implemented its standard security disclosure policy, restricting access to detailed bug information until most users have installed the security patch.
This approach helps prevent cybercriminals from exploiting the vulnerability before users can protect themselves with the updated browser version.
The company’s security team uses memory-error detection tools such as AddressSanitizer and MemorySanitizer, along with fuzzing, to identify and prevent similar security issues from reaching stable Chrome releases.
| Field | Details |
|---|---|
| CVE ID | CVE-2025-11756 |
| Vulnerability Type | Use after free in Safe Browsing |
| Severity Rating | High |
| CVSS Score | Not yet assigned |
| Affected Component | Chrome Safe Browsing |
| Reporter | asnine |
| Report Date | September 25, 2025 |
| Bug Bounty | $7,000 |
| Fixed Version | Chrome 141.0.7390.107/.108 |
Chrome users should immediately update their browsers to protect against this serious security vulnerability.
The browser typically updates automatically, but users can manually check for updates by navigating to Settings > About Chrome.
Organizations and individual users who delay this update remain at significant risk of exploitation by cybercriminals targeting this specific vulnerability.
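For teams checking many machines rather than one About Chrome page, the following added example (not from Google or the original article) classifies reported Chrome version strings against the fixed stable build 141.0.7390.107 named above. The host names and version strings in the sample inventory are constructed, and the script assumes the stable-channel fixed build applies to every host.

```python
import re

# Fixed stable build named in the article (Windows/Mac also ship .108).
FIXED = (141, 0, 7390, 107)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(version_text, fixed=FIXED):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    version = parse_chrome_version(version_text)
    if version is None:
        return "unknown"  # no version reported: needs manual follow-up
    # Compare numerically, field by field. A plain string comparison would
    # rank "141.0.7390.65" above "141.0.7390.107" and hide an unpatched host.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map host -> status for an iterable of (host, version string) pairs."""
    return {host: classify(version_text) for host, version_text in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-001", "Google Chrome 141.0.7390.108"),
    ("ws-002", "Google Chrome 141.0.7390.65"),
    ("mac-07", "141.0.7390.107 (Official Build) (arm64)"),
    ("lin-03", "Google Chrome 140.0.7339.207 "),
    ("kiosk-1", "version not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until their version is confirmed.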
This security incident highlights the ongoing importance of maintaining updated software and the valuable role of security researchers in identifying potential threats before they can cause widespread damage.