The Google Chrome team has officially released Chrome 133, now available on the stable channel for Windows, Mac, and Linux.
This update, version 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac, brings a host of improvements and critical security fixes.
Users are strongly urged to update their browsers immediately to protect against newly discovered vulnerabilities that could allow attackers to execute remote code.
The latest update addresses 12 security vulnerabilities, including two high-severity use-after-free bugs that could allow attackers to exploit memory management issues and execute malicious code remotely.
These vulnerabilities are particularly concerning as attackers could exploit them to gain control of a victim’s system.
- CVE-2025-0444: Use-after-free in Skia
This high-severity bug was reported by security researcher Francisco Alonso (@revskills) on January 19, 2025. Skia is Chrome’s 2D graphics library, and a use-after-free issue in this component could allow attackers to manipulate memory and execute arbitrary code. Google awarded Alonso $7,000 for his contribution. - CVE-2025-0445: Use-after-free in V8
Another high-severity vulnerability was found in V8, Chrome’s JavaScript engine. Discovered by an anonymous researcher (identified as “303f06e3”) on January 27, 2025, this bug also poses significant risks to remote code execution. - CVE-2025-0451: Inappropriate implementation in Extensions API
This medium-severity issue was reported by Vitor Torres and Alesandro Ortiz. While less critical than the use-after-free bugs, it still represents a potential threat to users’ security.
Use-after-free vulnerabilities occur when a program continues to use memory after it has been freed or deallocated.
This can lead to unpredictable behavior, including crashes or the execution of malicious code. Attackers often exploit such vulnerabilities to gain unauthorized access or control over systems.
Google’s Response and Security Measures
Google has restricted access to detailed information about these bugs until most users have updated their browsers. This precaution ensures that attackers cannot exploit the vulnerabilities before users are protected.
In addition to addressing externally reported issues, Google has also implemented various fixes from internal audits and fuzzing initiatives. Tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, and others were instrumental in identifying these flaws during development.
Given the severity of the vulnerabilities addressed in this release, users are strongly encouraged to update their browsers immediately. Failure to do so could leave systems exposed to potential attacks that exploit these flaws.
To update Chrome:
- Open Chrome.
- Click on the three-dot menu in the top-right corner.
- Navigate to “Help” > “About Google Chrome.”
- The browser will automatically check for updates and install them if available.
- Restart Chrome to complete the process.
The Chrome team continues its commitment to user security through proactive measures such as internal audits and collaboration with external researchers. Future updates will bring not only enhanced features but also further refinements in security.
Stay tuned for upcoming blog posts from Google detailing new features and initiatives included in Chrome 133. For now, prioritize your safety by updating your browser without delay!
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free