Urgent Chrome Update: Critical Vulnerabilities Allow Arbitrary Code Execution

Posted: June 18, 2025

Categories: Google, vulnerability

Tags: v8 engine, user safety, use-after-free, security vulnerabilities, google security, cve-2025-6192, cve-2025-6191, chrome update, browser update, arbitrary code execution

Author: Npav Lab

Google has issued an urgent security update for Chrome browsers on all desktop platforms, addressing critical vulnerabilities that could enable attackers to execute arbitrary code on users' systems.

The update, released on Tuesday, June 17, 2025, fixes three significant security flaws, including two high-severity vulnerabilities that earned external researchers a total of $11,000 in bounty rewards.

CVE-2025-6191: Integer Overflow in V8
The first high-severity vulnerability, tracked as CVE-2025-6191, involves an integer overflow in V8, Chrome’s JavaScript engine. Discovered by security researcher Shaheen Fazim on May 27, 2025, this flaw earned a $7,000 bounty from Google’s Vulnerability Reward Program.

This vulnerability impacts Chrome’s core JavaScript processing engine, which handles billions of operations daily across web applications. Integer overflow vulnerabilities in JavaScript engines are particularly hazardous as they can lead to memory corruption, allowing attackers to execute malicious code within the browser’s sandbox environment.

CVE-2025-6192: Use After Free in Profiler
The second high-severity vulnerability, CVE-2025-6192, pertains to a use-after-free condition in Chrome’s Profiler component. Reported by researcher Chaoyuan Peng (@ret2happy) on May 31, 2025, this vulnerability earned a $4,000 reward.

This flaw targets Chrome’s performance profiling system, commonly used by developers and power users for debugging and optimization. Use-after-free vulnerabilities occur when a program continues to access memory after it has been freed, potentially allowing attackers to manipulate memory contents and execute code.

The latest Chrome Stable Channel update, version 137.0.7151.119/.120 for Windows and Mac, and 137.0.7151.119 for Linux, addresses these three critical security vulnerabilities that pose significant risks to user safety.

Google’s security team emphasizes that detailed bug information will remain restricted until the majority of users have updated their browsers. Restrictions may also persist if the vulnerabilities affect third-party libraries used by other projects that have not yet implemented fixes.

Immediate Action Required for Users
Chrome users on all desktop platforms must update immediately to safeguard against potential exploitation of these vulnerabilities. The update rollout began on Tuesday and will continue over the coming days and weeks through Chrome’s automatic update mechanism.

Users can manually check for updates by navigating to Chrome Settings > About Chrome or by entering chrome://settings/help in their browser’s address bar.

This rapid response to the vulnerabilities underscores the critical importance of keeping browser software up to date and highlights the ongoing security challenges that modern web browsers face as they strive to balance functionality with user protection.

Sharing is caring!
Share

Tweet LinkedIn

Comment(s)