Google releases Chrome 125 patching four high-severity flaws
Take action: Update your Chrome and Chromium browsers (Opera, Brave, Edge) as soon as possible. We understand how ridiculous it is to patch many times a week. Yet hackers are betting on our collective fatigue. Don't delay: the update is trivial and all your tabs are reopened automatically.
Google has released an update for Chrome (version 125.0.6422.76 for Linux and 125.0.6422.76/.77 for Windows and macOS) that resolves four high-severity bugs reported by external researchers.
- CVE-2024-5157 (CVSS Score 8.8) - Use-After-Free Flaw in Scheduling. This type of flaw can potentially lead to sandbox escape if exploited in conjunction with vulnerabilities in the underlying operating system or privileged Chrome processes.
- CVE-2024-5158 (CVSS Score 8.8) - Type Confusion in V8 JavaScript Engine. Type confusion vulnerabilities can lead to execution of arbitrary code if an attacker can manipulate the type system of the language runtime.
- CVE-2024-5159 (CVSS Score 8.8) - Heap Buffer Overflow in ANGLE Graphics Layer Engine. Buffer overflow issues can lead to arbitrary code execution or crashing the application.
- CVE-2024-5160 (CVSS Score 8.8) - Heap Buffer Overflow in Dawn (WebGPU Implementation). Similar to the buffer overflow in ANGLE, this can lead to code execution or crashes.
Users should update Chrome to the latest version (125.0.6422.76 for Linux and 125.0.6422.76/.77 for Windows and macOS) immediately. Although there are no mentions of these vulnerabilities being exploited in the wild, users are strongly advised to update their browsers to ensure they are protected.
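
For teams that need to confirm the update across many machines, the following added example (not from Google or the original article) classifies reported Chrome versions against the fixed build named above. The inventory rows, host names and function names are constructed for illustration; the check covers Google Chrome only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Fixed builds stated in the article: 125.0.6422.76 (Linux) and
# 125.0.6422.76/.77 (Windows, macOS). The lowest fixed build is the floor.
FIXED = {
    "linux": (125, 0, 6422, 76),
    "windows": (125, 0, 6422, 76),
    "macos": (125, 0, 6422, 76),
}

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is malformed."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one report."""
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # treat as needing manual follow-up
    # Tuple comparison is numeric; comparing the raw strings would
    # wrongly rank "99.0.4844.84" above "125.0.6422.76".
    return "patched" if version >= floor else "vulnerable"


# Constructed sample inventory: (host, platform, reported version string)
INVENTORY = [
    ("ws-01", "linux", "Google Chrome 125.0.6422.76"),
    ("ws-02", "windows", "125.0.6422.77"),
    ("ws-03", "macos", "Google Chrome 125.0.6422.60"),
    ("ws-04", "windows", "124.0.6367.207"),
    ("ws-05", "linux", "Google Chrome 125.0.6422"),   # truncated report
    ("ws-06", "linux", "Google Chrome 99.0.4844.84"),
]


def audit(inventory):
    return {host: classify(platform, ver) for host, platform, ver in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.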