
Google has released a security update for Chrome, addressing a critical vulnerability that could allow remote attackers to exploit heap corruption through a crafted HTML page.
The flaw, tracked under CVE-2025-2476, is classified as a use-after-free (UAF) vulnerability found in Chrome's Lens feature. It was reported by SungKwon Lee of Enki Whitehat on March 5, 2025. UAF vulnerabilities arise when a program continues to use memory after it has been freed, which can lead to crashes or unintended behavior, including potential code execution.
Lens in Chrome is an AI-powered tool that lets users search for information using images, translate text, or identify objects within a webpage. Because it processes web-based content dynamically, memory management issues within this component could present security risks.
The fix is included in Chrome version 134.0.6998.117/.118 for Windows and Mac and 134.0.6998.117 for Linux. Google has also updated the Extended Stable channel to 134.0.6998.89 for Windows and Mac. The update will roll out over the coming days and weeks.
In addition to addressing CVE-2025-2476, the latest release includes various security improvements discovered through internal audits and testing.
To install the latest security update, users should follow these steps:
- Open Chrome and click the three-dot menu in the top-right corner.
- Go to Help > About Google Chrome.
- Chrome will automatically check for updates and install the latest version.
- Restart the browser to apply the update.
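
For administrators who need to confirm the update across many machines rather than one browser at a time, the following added example (not part of the original article or any Google tooling) checks reported Chrome versions against the builds named above. The inventory, host names, and the `FIXED`, `parse_version` and `audit` names are constructed for illustration, and it assumes the Extended Stable build named in the article is that channel's updated baseline.

```python
import re

# Baseline builds per (channel, platform), taken from the article.
# Assumption: the Extended Stable build listed is that channel's updated baseline.
FIXED = {
    ("stable", "windows"): "134.0.6998.117",
    ("stable", "mac"): "134.0.6998.117",
    ("stable", "linux"): "134.0.6998.117",
    ("extended", "windows"): "134.0.6998.89",
    ("extended", "mac"): "134.0.6998.89",
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints (numeric compare)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version in {text!r}")
    return tuple(int(p) for p in m.groups())

def audit(inventory):
    """Map each host to 'patched', 'outdated' or 'unknown'."""
    results = {}
    for host, platform, channel, reported in inventory:
        baseline = FIXED.get((channel, platform))
        try:
            installed = parse_version(reported)
        except ValueError:
            installed = None
        if baseline is None or installed is None:
            results[host] = "unknown"  # no baseline for this combo, or unparseable
        else:
            ok = installed >= parse_version(baseline)
            results[host] = "patched" if ok else "outdated"
    return results

# Constructed sample inventory: (host, platform, channel, reported version string)
INVENTORY = [
    ("ws-01", "windows", "stable", "Google Chrome 134.0.6998.118"),
    ("ws-02", "windows", "stable", "Google Chrome 134.0.6998.89"),
    ("ws-03", "windows", "extended", "Google Chrome 134.0.6998.89"),
    ("lx-01", "linux", "stable", "Google Chrome 134.0.6998.117"),
    ("mac-01", "mac", "stable", "Google Chrome 133.0.6900.10"),
    ("lx-02", "linux", "stable", "version string missing"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

The baseline is looked up per channel because the Extended Stable build number is lower than the Stable one, and versions are compared as integer tuples because a plain string comparison would rank `.89` above `.117`.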

Google has restricted further details on the vulnerability until most users have updated their browsers. The company has not so far given any indication of active exploitation, but Chrome users are advised to apply the update promptly regardless.