Chrome Vulnerabilities Let Attackers Execute Arbitrary Code \u2013 Update Now!
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users\u2019 systems.\u00a0<\/p>\n
The update, rolled out on Tuesday, June 17, 2025, patches three significant security flaws including two high-severity vulnerabilities that earned external researchers substantial bounty rewards totaling $11,000.<\/p>\n
The latest Chrome Stable Channel update version 137.0.7151.119\/.120 for Windows and Mac<\/a>, and 137.0.7151.119 for Linux, addresses three critical security vulnerabilities that pose significant risks to user safety.\u00a0<\/p>\n The high-severity vulnerability, tracked as CVE-2025-6191, represents an integer overflow in V8, Chrome\u2019s JavaScript engine.\u00a0<\/p>\n This flaw was discovered by security researcher Shaheen Fazim on May 27, 2025, and earned a $7,000 bounty reward from Google\u2019s Vulnerability Reward Program.\u00a0<\/p>\n Particularly, the vulnerability affects Chrome\u2019s core JavaScript processing engine, which handles billions of operations daily across web applications<\/a>.\u00a0<\/p>\n Integer overflow vulnerabilities in JavaScript engines are particularly dangerous as they can lead to memory corruption and enable attackers to execute malicious code within the browser\u2019s sandbox environment.<\/p>\n The second high-severity vulnerability, CVE-2025-6192, involves a use-after-free condition in Chrome\u2019s Profiler component.\u00a0<\/p>\n Reported by researcher Chaoyuan Peng (@ret2happy) on May 31, 2025, this vulnerability earned a $4,000 reward.\u00a0<\/p>\n The vulnerability targets Chrome\u2019s performance profiling system, which developers and power users often employ for debugging and optimization.\u00a0<\/p>\n Use-after-free vulnerabilities<\/a> occur when a program continues to use memory after it has been freed, potentially allowing attackers to manipulate memory contents and achieve code execution.<\/p>\n Google\u2019s security team emphasizes that access to detailed bug information remains restricted until the majority of users have updated their browsers.\u00a0<\/p>\n The company also noted<\/a> that restrictions may remain in place if the vulnerabilities affect third-party libraries used by other projects that haven\u2019t yet implemented fixes.<\/p>\n Chrome users across all desktop platforms must update immediately to protect against potential exploitation of these vulnerabilities.\u00a0<\/p>\n The update rollout began Tuesday and will continue over the coming days and weeks through Chrome\u2019s automatic update mechanism.\u00a0<\/p>\n Users can manually check for updates by navigating to Chrome Settings > About Chrome or by accessing chrome:\/\/settings\/help in their browser\u2019s address bar.<\/p>\n The rapid response to these vulnerabilities demonstrates the critical importance of maintaining updated browser software and highlights the ongoing security challenges facing modern web browsers<\/a> as they balance functionality with user protection.<\/p>\n Power up early threat detection, escalation, and mitigation with ANY.RUN\u2019s Threat Intelligence Lookup. <\/strong>Get 50 trial searches<\/strong><\/a>.<\/strong><\/strong><\/p>\n The post Chrome Vulnerabilities Let Attackers Execute Arbitrary Code \u2013 Update Now!<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nCVE-2025-6191: Integer Overflow in V8<\/strong><\/h2>\n
CVE-2025-6192: Use After Free in Profiler<\/strong><\/h2>\n
Immediate Action Required for Users<\/strong><\/h2>\n