Advisory

Google releases update for Chrome and Chromium browsers fixing critical flaw

Take action: This is a fairly urgent update for your Chrome and Chromium-based browsers (Opera, Edge, Brave, Vivaldi). It patches a critical flaw, so a quick update is more than prudent, because hackers will start using this vulnerability. Patch all your browsers NOW; it's trivial and all your tabs reopen.


Learn More

Google has patched a critical security vulnerability in version 136 of the Chrome browser that could allow remote attackers to execute malicious code on affected systems.

The flaw is tracked as CVE-2025-4372 (CVSS score 9.8), a use-after-free in WebAudio. It is a memory corruption vulnerability in Chrome's WebAudio API component. The flaw is caused by the MediaStreamAudioDestinationNode not being properly managed, allowing potential attackers to manipulate freed memory addresses to execute arbitrary code on victims' systems.

Exploiting the flaw requires minimal user interaction—simply visiting a malicious webpage could trigger the exploit. No special user privileges are needed for a successful attack. While Google has officially categorized the vulnerability as "Medium" severity, several security vendors, including Tenable, have rated it as "Critical" with a CVSS base score of 9.8, indicating the serious exploitation potential.

At present, there is no evidence that CVE-2025-4372 is being actively exploited in the wild. However, security experts believe this status may change rapidly now that the vulnerability is public knowledge.

Google has fixed the vulnerability in the latest Chrome update, releasing version 136.0.7103.92/.93 for Windows and Mac systems and 136.0.7103.92 for Linux platforms on Tuesday, May 6, 2025. 

The update will roll out to users over the coming days and weeks. Security experts strongly recommend manually updating immediately by navigating to Chrome's settings (chrome://settings/help) to check for and install the latest version.
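For fleets where a manual check per machine is not practical, the following added example (not part of the original advisory) classifies inventory lines against the fixed build 136.0.7103.92 named above. It assumes stable-channel builds and an inventory of "product name plus four-part version" strings; the host names, the sample lines and the helper names `classify` and `audit` are constructed for illustration.

```python
import re

# Minimum fixed build from the advisory: 136.0.7103.92 (Windows, Mac, Linux).
# Windows/Mac may also show .93, which compares as newer.
FIXED = (136, 0, 7103, 92)

# Only these products share Chrome's version numbering. Other Chromium-based
# browsers (Edge, Brave, Opera, Vivaldi) use their own release numbers, so
# comparing them against FIXED would give a wrong answer.
SAME_NUMBERING = ("Google Chrome", "Chromium")

VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+\.\d+\.\d+\.\d+)\b")


def classify(version_line):
    """Return 'patched', 'vulnerable' or 'check-vendor' for one inventory line."""
    m = VERSION_RE.match(version_line.strip())
    if not m:
        return "check-vendor"  # unparseable line: do not guess
    if m.group("product") not in SAME_NUMBERING:
        return "check-vendor"  # different numbering scheme
    build = tuple(int(p) for p in m.group("ver").split("."))
    # Tuple comparison is numeric per component (so .100 > .92, unlike strings).
    return "patched" if build >= FIXED else "vulnerable"


def audit(inventory):
    """Map host -> status for a {host: version_line} inventory."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory (host names and builds are made up).
SAMPLE = {
    "ws-01": "Google Chrome 136.0.7103.59",
    "ws-02": "Google Chrome 136.0.7103.93",
    "ws-03": "Chromium 136.0.7103.92 snap",
    "ws-04": "Google Chrome 135.0.7049.115 ",
    "ws-05": "Microsoft Edge 136.0.3240.50",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `check-vendor` need their version compared against that browser vendor's own release notes rather than Chrome's build number.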
