What version of Google Chrome was released with security updates?

Google has released Chrome 141.0.7390.54 for Linux and Chrome 141.0.7390.54/55 for Windows and Mac, patching multiple vulnerabilities including high-severity heap buffer overflow flaws that could allow attackers to execute malicious code and crash browsers.

What is CVE-2025-11205?

CVE-2025-11205 has a CVSS score of 9.8 and Google severity rating of High. It is a heap buffer overflow vulnerability in WebGPU, potentially allowing attackers to execute arbitrary code or crash the browser through memory corruption exploitation. Google awarded researcher Atte Kettunen of OUSPG a $25,000 bug bounty for this discovery.

What is CVE-2025-11206?

CVE-2025-11206 has a CVSS score of 9.8 and Google severity rating of High. It is a heap buffer overflow vulnerability in Video, enabling attackers to manipulate video rendering processes to cause browser instability or crashes.

What is CVE-2025-11219?

CVE-2025-11219 has a CVSS score of 9.8 and Google severity rating of Low. It is a use after free vulnerability in the V8 JavaScript engine that was discovered by Google's Big Sleep AI system.

What other vulnerabilities were patched in Chrome 141?

Additional patched vulnerabilities include CVE-2025-11208 and CVE-2025-11212 (inappropriate implementation in Media system), CVE-2025-11209 and CVE-2025-11213 (inappropriate implementation in Omnibox functionality), CVE-2025-11211 (out of bounds read in Media), CVE-2025-11215 (off-by-one error in V8 JavaScript engine discovered by Big Sleep AI), CVE-2025-11207 (side-channel information leakage in Storage), and CVE-2025-11210 (side-channel information leakage in Tab functionality). Most of these have CVSS scores of 9.8 or 9.1 with Google severity ratings of Medium.

What are heap buffer overflow vulnerabilities?

Heap buffer overflow vulnerabilities occur when a program writes more data to a buffer in the heap memory than it can hold. In the context of Chrome, these vulnerabilities could allow attackers to execute arbitrary code or crash the browser through memory corruption exploitation, affecting components like WebGPU and Video rendering.

How much did Google pay in bug bounties for Chrome vulnerabilities?

Google paid out over $50,000 in bug bounty rewards to external security researchers who discovered these vulnerabilities. For example, researcher Atte Kettunen of OUSPG received a $25,000 bug bounty for discovering CVE-2025-11205.

Did AI help discover any Chrome vulnerabilities?

Yes, Google's Big Sleep AI system discovered two vulnerabilities: CVE-2025-11219, a use after free vulnerability in the V8 JavaScript engine, and CVE-2025-11215, an off-by-one error in the V8 JavaScript engine.

How do I manually update Google Chrome?

Users can manually check for updates by navigating to Chrome's settings menu and selecting About Chrome. The browser will then check for and install available updates automatically.

When will the Chrome security update be available?

The update will roll out gradually over the coming days and weeks through Chrome's automatic update mechanism. However, users can manually check for updates immediately rather than waiting for the automatic rollout.

Why does Google restrict access to vulnerability details?

Google's security policy restricts access to detailed bug information until most users receive the security patches. This prevents attackers from exploiting the vulnerabilities before users have a chance to update their browsers.

Advisory

Google releases update for Chrome multiple flaws

published: Oct. 2, 2025

Take action: If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAO. While not a critical zero-day emergency, these high-severity vulnerabilities deserve quick update. And updating is trivial, all your tabs reopen. Don't ignore or delay this.

Learn More

Google has released Chrome 141.0.7390.54 (Linux) and 141.0.7390.54/55 for Windows and Mac, patching multile vulnerabilities including high-severity heap buffer overflow flaws that could allow attackers to execute malicious code and crash browsers.

Vulnerabilities summary

CVE-2025-11205 (CVSS 9.8, Google severity High) - Heap buffer overflow in WebGPU, potentially allowing attackers to execute arbitrary code or crash the browser through memory corruption exploitation. Google awarded researcher Atte Kettunen of OUSPG a $25,000 bug bounty for this discovery
CVE-2025-11206 (CVSS 9.8, Google severity High) - Heap buffer overflow in Video, enabling attackers to manipulate video rendering processes to cause browser instability or crashes
CVE-2025-11219 (CVSS 9.8, Google severity Low) - Use after free vulnerability in V8 JavaScript engine, discovered by Google's Big Sleep AI system
CVE-2025-11208, CVE-2025-11212 (CVSS 9.8, Google severity Medium) - Inappropriate implementation vulnerabilities in Media system
CVE-2025-11209, CVE-2025-11213 (CVSS 9.8, Google severity Medium) - Inappropriate implementation vulnerabilities in Omnibox functionality
CVE-2025-11211 (CVSS 9.8, Google severity Medium) - Out of bounds read in Media
CVE-2025-11215 (CVSS 9.1, Google severity Medium) - Off-by-one error in V8 JavaScript engine, discovered by Google's Big Sleep AI system
CVE-2025-11207 (CVSS 7.5, Google severity Medium) - Side-channel information leakage in Storage, potentially allowing attackers to extract sensitive data through timing attacks
CVE-2025-11210 (CVSS 7.5, Google severity Medium) - Side-channel information leakage in Tab functionality

Google paid out over $50,000 in bug bounty rewards to external security researchers who discovered these vulnerabilities. The company's security restricts access to detailed bug until most users receive the security patches.

Chrome users should update their browsers as soon as possible. The update will roll out gradually over the coming days and weeks through Chrome's automatic update mechanism. Users can manually check for updates by navigating to Chrome's settings menu and selecting "About Chrome."

Google releases update for Chrome multiple flaws

Read More
CISA warns of active exploitation of discontinued TP-Link …
Apple releases security updates for iOS 18.7, macOS, …
Google Issues Chrome Update for High-Severity Vulnerabilities
LinkedIn Scans Your Browser Extensions at Scale; Who's …
Arc browser patches critical vulnerability allowing users to …