Critical security vulnerabilities patched in Google Chrome
Take action: This one is important. Two high-severity/critical flaws which are going to be exploited VERY soon, and you will be attacked by simply visiting a malicious site (think sites with "free stuff"). So don't wait, patch all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating a browser is easy; all your tabs reopen after the patch.
Google has released a security update for its Chrome browser addressing two significant vulnerabilities that could potentially allow attackers to compromise user systems and steal sensitive data.
Vulnerability summary
- CVE-2025-3619 (CVSS score 8.8, classified by Google as critical) - Heap buffer overflow in Codecs component. Could allow attackers to execute arbitrary code by exploiting Chrome's media file processing, potentially leading to full system compromise and data theft
- CVE-2025-3620 (CVSS score 9.8, classified by Google as high) - Use-after-free vulnerability in USB component. Could enable execution of malicious code or unauthorized system access
The vulnerabilities can be exploited remotely, requiring only that a user visit a malicious website or interact with compromised content.
If exploited, attackers could potentially steal passwords and credentials, access financial information, extract sensitive personal data stored in the browser, or take control of affected devices.
The patch, released on Tuesday, April 15, 2025, updates Chrome to version 135.0.7049.95/.96 for Windows and Mac, and 135.0.7049.95 for Linux.
Users are strongly advised to update their Chrome browsers immediately.
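To confirm the update has actually landed across a set of machines, the reported Chrome versions can be compared against the fixed build named above. The following is an added example, not part of the original advisory: the inventory format and host names are constructed, and it covers Google Chrome only, since other Chromium-based browsers use their own version numbers that this page does not list.

```python
import re

# Fixed build from the advisory above: 135.0.7049.95 (Windows/Mac also ship .96).
FIXED = (135, 0, 7049, 95)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 135.0.7049.84'; return None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Compare as integer tuples: a plain string comparison would rank
    # '135.0.7049.100' below '135.0.7049.95'.
    return "patched" if v >= FIXED else "vulnerable"

# Constructed inventory (hypothetical format: host,platform,version output).
SAMPLE_INVENTORY = """\
ws-001,windows,Google Chrome 135.0.7049.96
ws-002,mac,Google Chrome 135.0.7049.84
ws-003,linux,Google Chrome 135.0.7049.95
ws-004,linux,Google Chrome 134.0.6998.165
ws-005,windows,Google Chrome 135.0.7049.100
ws-006,windows,(not reported)
"""

def audit(inventory):
    """Map each host to its status; anything not 'patched' needs follow-up."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _platform, reported = line.split(",", 2)
        results[host] = classify(reported)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until a version is confirmed.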