
In an update for desktop users, Google has released Chrome version 133.0.6943.98/.99 for Windows and Mac, and 133.0.6943.98 for Linux. This update addresses four high-severity security vulnerabilities, some of which could allow attackers to execute arbitrary code or gain unauthorized access to sensitive data. Users are strongly encouraged to update their browsers immediately to protect themselves.
The update, which will roll out over the coming days and weeks, patches vulnerabilities in key components of the Chrome browser, including the V8 JavaScript engine, the Browser UI, and the Navigation component. Of particular concern are several “use after free” vulnerabilities, which can be exploited by attackers to manipulate memory and potentially execute malicious code.
One of the most notable fixes addresses CVE-2025-0995, a high-severity use-after-free vulnerability in V8, reported by researcher Popax21. This bug, which earned Popax21 a $55,000 reward through Google’s vulnerability rewards program, highlights the critical nature of these flaws. The vulnerability existed in the V8 JavaScript engine, a core component of Chrome responsible for executing JavaScript code. A successful exploit could allow an attacker to inject and run malicious code within the context of the affected browser, potentially compromising user data or even the entire system.
Three other high-severity vulnerabilities were also addressed:
- CVE-2025-0996: A high-severity “inappropriate implementation” flaw in the Browser UI, reported by yuki yamaoto. Details about this vulnerability are currently limited, but it could potentially expose weaknesses in the browser’s user interface, allowing attackers to manipulate or spoof elements to trick users.
- CVE-2025-0997: Another high-severity use-after-free vulnerability, this time affecting the Navigation component, and reported by asnine. This flaw could potentially be exploited to manipulate browser navigation and redirect users to malicious websites or expose sensitive information.
- CVE-2025-0998: A high-severity out-of-bounds memory access vulnerability in V8, reported by Alan Goodman. This vulnerability could allow attackers to read or write data outside of the intended memory boundaries, potentially leading to crashes or code execution. Notably, this vulnerability was discovered earlier, on December 31, 2024, suggesting the complexity of patching it.
Chrome typically updates automatically in the background. However, users can manually check for updates by clicking the three vertical dots in the top right corner of the browser, selecting “Help,” and then “About Google Chrome.” Chrome will then check for and install any available updates. Restarting the browser is usually required for the update to take effect.
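For administrators who want to confirm the rollout across many machines rather than one browser at a time, the following added example (not from the article or from Google) checks reported Chrome version strings against the fixed builds listed above. The inventory rows, host names, platform keys and function names are assumptions made for illustration.

```python
import re

# Minimum fixed build per platform, taken from the article (Windows and Mac
# ship as .98/.99, so .98 is the floor everywhere). Platform keys are assumed.
FIXED_BUILD = {
    "windows": (133, 0, 6943, 98),
    "mac": (133, 0, 6943, 98),
    "linux": (133, 0, 6943, 98),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, reported):
    """Return 'patched', 'outdated' or 'unknown' for one reported version string."""
    floor = FIXED_BUILD.get(platform.lower())
    found = parse_version(reported)
    if floor is None or found is None:
        return "unknown"
    # Compare as integer tuples: as strings, "133.0.6943.100" sorts below ".98".
    return "patched" if found >= floor else "outdated"


def audit(inventory):
    """Map each host to its status given (host, platform, reported) rows."""
    return {host: classify(platform, reported) for host, platform, reported in inventory}


# Constructed sample inventory; host names and the non-article versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "133.0.6943.99"),
    ("ws-002", "windows", "133.0.6943.10"),
    ("mac-014", "mac", "Google Chrome 133.0.6943.98 "),
    ("lnx-203", "linux", "Google Chrome 132.0.1.2 "),
    ("lnx-204", "linux", "133.0.6943.100"),
    ("kiosk-7", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as "unknown" deserve a manual look, since a missing or unparseable version says nothing about whether the fix is installed.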
Given the severity of these patched vulnerabilities, updating to the latest version of Chrome is crucial for all users. Don’t delay – update your browser today to stay protected.