New Chrome Security Patches Released – Don’t Forget to Update!
Google has recently released a critical security update for the Chrome browser. This update is aimed at fixing several high-risk vulnerabilities that, if left unpatched, could allow attackers to execute arbitrary code or escape the browser’s sandbox.
Updated Chrome Version and Its Impact on Systems
Stable update (Stable) version 134.0.6998.88/.89:
- For Windows and Mac: 134.0.6998.88/.89
- For Linux: 134.0.6998.88
Additionally, corporate users received an Extended Stable version update numbered 134.0.6998.89.
The update was released on March 10, and for security reasons, it is highly recommended to install it as soon as possible.
The latest Chrome update patches five vulnerabilities, three of which are categorized as high-risk. These flaws were found in various browser components and could have been exploited by attackers.
1. CVE-2025-1920 and CVE-2025-2135 – Type Confusion Vulnerabilities in the V8 JavaScript Engine
V8 is Chrome’s JavaScript engine that processes code efficiently using advanced optimization techniques. However, these complex mechanisms can sometimes introduce vulnerabilities.
CVE-2025-1920 and CVE-2025-2135 are Type Confusion vulnerabilities, which occur when different data types get mistakenly mixed up. These flaws can lead to:
✅ Memory corruption and browser crashes
✅ Execution of malicious code
✅ Bypassing the browser’s sandbox and accessing the system
➡️ CVE-2025-1920 was discovered by Excello s.r.o., earning them a $7,000 reward.
➡️ CVE-2025-2135 was reported by Zhenghang Xiao (@Kipreyyy), highlighting the ongoing security challenges in the V8 engine.
2. Out-of-Bounds Write in the GPU Component (CVE-TBD)
Detailed information on this vulnerability has not yet been disclosed, but GPU-related issues often pose serious security risks.
Possible threats include:
✅ Browser crashes (crash)
✅ Code execution by bypassing security protections
✅ Theft of user data or gaining control over the system
GPU vulnerabilities are often difficult to detect, and when exploited, attackers can stealthily compromise a system.
3. Medium-Risk Vulnerabilities
Additionally, the update fixes two medium-risk security issues:
🔹 CVE-2025-2136 – Use-After-Free in the Inspector Component
➡️ Discovered by Sakana.S, who received a $3,000 reward.
➡️ Use-After-Free occurs when a program accesses memory that has already been freed, potentially leading to memory corruption, arbitrary code execution, or system crashes.
🔹 CVE-2025-2137 – Out-of-Bounds Read in the V8 Engine
➡️ Identified by zeroxiaobai@, earning a $2,000 reward.
➡️ Out-of-Bounds Read allows the browser to read data beyond allocated memory boundaries, which could lead to data leaks.
Attackers could exploit these vulnerabilities through:
🔻 Malicious Websites – Specially crafted web pages can use these flaws to execute code on a victim’s device.
🔻 Malware and Virus Distribution – Attackers can use Chrome vulnerabilities to download and install malware on a victim’s system.
🔻 Sandbox Escape and System Compromise – If the browser escapes the sandbox, the attacker may gain access to other applications and system files.
Chrome updates automatically, but changes only take effect after restarting the browser.
✅ To check for updates and install them manually:
1️⃣ Open the Chrome browser
2️⃣ Go to “Settings”
3️⃣ Navigate to “About Google Chrome”
4️⃣ If an update is available, it will download automatically
5️⃣ Restart the browser
💡 Enterprise users and IT departments should monitor updates through the Extended Stable version.
Conclusion and Recommendations
🔹 The latest Chrome update fixes multiple critical vulnerabilities, making it essential to install it as soon as possible.
🔹 Keeping the browser updated is one of the fundamental cybersecurity practices.
🔹 Users should avoid suspicious websites, refrain from downloading files from untrusted sources, and use strong passwords.
🔹 Organizations and IT administrators should rely on stable Chrome versions and implement strict security policies.
🔴 Users and IT professionals must update Chrome to version 134.0.6998.88 or later!
