Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code

Google has rolled out an urgent security update for its Chrome browser, addressing a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ systems.

The patch is included in version 141.0.7390.107 for Linux and 141.0.7390.107/.108 for Windows and macOS, which began deploying to the Stable channel this week.

Full release notes detail the changes, with the update expected to reach most users over the coming days or weeks.

Chrome Use After Free Vulnerability

The flaw, tracked as CVE-2025-11756, resides in Chrome’s Safe Browsing feature, a core component designed to protect users from malicious websites and phishing attempts.

Discovered by independent researcher “as nine” on September 25, 2025, the vulnerability earned a $7,000 bounty under Google’s Vulnerability Reward Program.

Use-after-free errors occur when software continues to reference memory that has already been freed, potentially leading to crashes, data corruption, or exploitation.

In this case, attackers could leverage the bug to inject and run malicious code, bypassing security sandboxes and compromising the entire browser environment.

Google classifies the issue as high severity, emphasizing its potential for remote exploitation without user interaction. Simply visiting a rigged webpage could trigger the attack.

While no widespread exploits have been reported in the wild, the company restricted bug details initially to ensure most users update before details go public.

This aligns with Chrome’s proactive security stance, where access to full disclosures is often delayed until patches propagate.

The fix was enhanced by Google’s suite of detection tools, including AddressSanitizer, MemorySanitizer, and libFuzzer, which assist in identifying memory-related bugs early in development.

Google also extended thanks to external researchers for their contributions during the cycle, preventing other flaws from slipping into stable releases.

Users should update Chrome immediately via the browser’s settings menu or automatic rollout. As browser-based threats evolve, this incident underscores the importance of timely patching in defending against sophisticated attacks.
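To confirm the rollout has reached a fleet, the sketch below (an added example, not code from Google or from this article) compares reported Chrome version strings against the fixed build named above. The inventory format, host names, and sample versions are constructed for illustration, and 141.0.7390.107 is assumed to be the minimum fixed build on all three platforms.

```python
import re

# Fixed builds as stated in the article: 141.0.7390.107 (Linux) and
# 141.0.7390.107/.108 (Windows, macOS). The lower build is used as the floor.
FIXED = {
    "linux": (141, 0, 7390, 107),
    "windows": (141, 0, 7390, 107),
    "macos": (141, 0, 7390, 107),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from e.g. 'Google Chrome 141.0.7390.107'.

    Returns a tuple of ints, or None when no version is present."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one host."""
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"
    # Integer tuples compare numerically, so build .66 sorts below .107;
    # comparing the raw strings would rank "66" above "107".
    return "patched" if version >= floor else "outdated"


def audit(inventory):
    """Map hostname -> status for (host, platform, version_text) records."""
    return {host: classify(plat, ver) for host, plat, ver in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-001", "windows", "Google Chrome 141.0.7390.108"),
    ("ws-002", "windows", "141.0.7390.66"),
    ("mac-01", "macos", "Google Chrome 140.0.7339.208"),
    ("lnx-01", "linux", "Google Chrome 141.0.7390.107 "),
    ("lnx-02", "linux", "not installed"),
    ("ws-003", "windows", "Google Chrome 142.0.7400.1"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have no parsable version or an unlisted platform and need a manual check rather than being counted as patched.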

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.