Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched
Ddos 
Google has rolled out an important security update for the Stable Channel of Chrome, bringing the version number to 137.0.7151.119/.120 for Windows and macOS, and 137.0.7151.119 for Linux. This update, which is expected to reach users over the coming days and weeks, includes three security fixes, two of which have been rated high severity and were responsibly disclosed by external security researchers.
The first major vulnerability addressed in this release is CVE-2025-6191, a high-severity integer overflow issue found in Chromeβs V8 JavaScript engine. This flaw was reported by researcher Shaheen Fazim on May 27, 2025, and earned a $7,000 bug bounty from Googleβs Vulnerability Rewards Program.
Integer overflows in V8 can be particularly dangerous because they may allow attackers to manipulate how memory is allocated and accessed during JavaScript execution. If exploited successfully, this flaw could lead to unexpected behavior, memory corruption, or even arbitrary code executionβpotentially giving attackers control of the affected system simply through a malicious website.
The second vulnerability, CVE-2025-6192, was reported by researcher Chaoyuan Peng (@ret2happy). This bug affects Chromeβs Profiler component, a tool used internally to monitor performance and system behavior. For his efforts, Peng was awarded a $4,000 bounty.
A use-after-free vulnerability occurs when a program continues to use a memory location after it has already been freed. In Chrome, such issues can result in memory corruption or exploitable crashes, potentially allowing an attacker to execute malicious code in the browserβs context. The Profilerβs internal operations, while not exposed directly to users, offer an attractive vector for exploitation when improperly secured.
As always, Google advises all users to update Chrome immediately to benefit from these security fixes. The update can be triggered manually by going to Settings > About Chrome, which will check for and apply the latest version. Restarting the browser finalizes the process.
Related Posts:
- Pwn2Own: Firefox Hacked with JavaScript Zero-Days – Details on the Exploits
- Chrome Update Alert: Two High-Severity Flaws Patched β Update Now to Stay Safe!
- Critical PHP Flaw Exposes Websites to SQL Injection Attacks
- CVE-2024-56614 & CVE-2024-56615: PoC Exploits Released for Severe eBPF Vulnerabilities in Linux Kernel
- Chrome 137 Released: Fixes High-Severity Use-After-Free & V8 Bugs
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
