Sunday, January 18, 2026

Critical Chrome Vulnerabilities Allow Remote Code Execution – Update Immediately!

Google has released an urgent security update for its Chrome browser, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems.

The update, version 137.0.7151.119/.120 for Windows and Mac, and 137.0.7151.119 for Linux, is currently rolling out to users worldwide and represents a significant security milestone in browser protection.

Google’s latest Chrome update addresses three distinct security vulnerabilities, with two classified as high-severity threats that pose immediate risks to user systems.

The Stable channel update began deployment this week and will reach all users over the coming days and weeks through Chrome’s automatic update mechanism.

This release follows Google’s standard security protocol of restricting detailed vulnerability information until the majority of users have received the protective fixes.

The technology giant has implemented a measured disclosure approach, maintaining restrictions on bug details and access links to prevent exploitation while users update their browsers.

This strategy extends to vulnerabilities found in third-party libraries that other projects depend on, ensuring coordinated security responses across the broader software ecosystem.

The update represents the culmination of extensive internal security auditing, fuzzing initiatives, and collaborative research with external security experts.

Chrome’s engineering team utilized multiple detection technologies in identifying these vulnerabilities, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.

These sophisticated tools enable proactive identification of security vulnerabilities before they can be exploited in production environments.

Chrome Vulnerabilities

The most critical vulnerability, designated CVE-2025-6191, involves an integer overflow in V8, Chrome’s JavaScript engine.

Discovered by security researcher Shaheen Fazim on May 27, 2025, this vulnerability earned a substantial $7,000 bounty from Google’s vulnerability rewards program.

Integer overflow vulnerabilities in JavaScript engines are particularly dangerous as they can lead to memory corruption and arbitrary code execution when processing malicious web content.

The second major security vulnerability, CVE-2025-6192, represents a use-after-free vulnerability in Chrome’s Profiler component.

Reported by researcher Chaoyuan Peng (@ret2happy) on May 31, 2025, this vulnerability received a $4,000 security bounty.

Use-after-free vulnerabilities occur when programs continue to use memory locations after they have been freed, potentially allowing attackers to manipulate memory contents and execute malicious code.

Both vulnerabilities carry high-severity ratings, indicating their potential for significant system compromise.

These vulnerabilities could enable attackers to bypass browser security mechanisms, access sensitive user data, or gain unauthorized system access through carefully crafted web pages or malicious advertisements.

Immediate Action Required for All Users

Chrome users should immediately update their browsers to protect against these vulnerabilities.

The browser typically updates automatically, but users can manually trigger updates by navigating to Chrome’s settings menu and selecting “About Google Chrome.”

The update process will download and install the latest security patches without requiring user intervention.

Organizations and individual users operating Chrome in enterprise environments should prioritize this update deployment.

System administrators should verify that all managed Chrome installations receive the security update promptly, particularly in environments handling sensitive data or critical business operations.
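One way to run that verification against a fleet inventory, as an added example that is not part of the original article or any Google tooling: the script compares each reported Chrome version with the fixed build 137.0.7151.119 named above. The inventory format (host, platform, version string), the host names and the sample versions are constructed assumptions.

```python
import re

# Fixed builds named in the article (Windows/Mac also ship .120, which is >= .119).
FIXED = {"windows": (137, 0, 7151, 119),
         "mac": (137, 0, 7151, 119),
         "linux": (137, 0, 7151, 119)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 137.0.7151.119'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def audit(inventory_lines):
    """Return {host: status}; status is 'patched', 'vulnerable' or 'unknown'."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",", 2)]
        if len(fields) != 3:
            results[fields[0]] = "unknown"   # malformed row: needs manual follow-up
            continue
        host, platform, raw = fields
        version = parse_version(raw)
        fixed = FIXED.get(platform.lower())
        if version is None or fixed is None:
            results[host] = "unknown"        # no version reported or unlisted platform
        elif version >= fixed:               # tuple comparison is numeric per component
            results[host] = "patched"
        else:
            results[host] = "vulnerable"
    return results

# Constructed sample inventory: host, platform, reported version string.
SAMPLE = """\
ws-001,windows,Google Chrome 137.0.7151.120
ws-002,windows,Google Chrome 137.0.7151.99
mac-01,mac,Google Chrome 137.0.7151.119
lnx-01,linux,Google Chrome 136.0.7103.113
lnx-02,linux,Google Chrome 138.0.7204.49
kiosk-9,windows,not installed
""".splitlines()

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

The comparison is numeric per component, so 137.0.7151.99 is flagged as vulnerable even though it sorts after 137.0.7151.119 as a string.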

Google continues encouraging security researchers to participate in responsible disclosure programs, acknowledging the vital role external researchers play in maintaining browser security.

Users experiencing issues with the update or discovering new security concerns can report problems through Chrome’s official bug reporting channels or seek assistance through community support forums.


Ethan Brooks
Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
