
Google has released a critical security update for its Chrome browser, pushing version 135.0.7049.95/.96 to the Stable channel for Windows and macOS, and 135.0.7049.95 for Linux. The rollout is underway and will reach users over the coming days and weeks.
The update addresses two high-impact security vulnerabilities, one of which has been labeled critical — the most severe rating in Google’s vulnerability classification system. These flaws, if left unpatched, could allow remote attackers to execute arbitrary code or take control of affected systems.
- CVE-2025-3619: Critical heap buffer overflow in Codecs. Reported by Elias Hohl, this is the more severe of the two. A heap buffer overflow lets a write run past the end of a heap allocation and corrupt adjacent memory, which attackers can turn into arbitrary code execution and, potentially, full system compromise. Because of its “critical” severity, this patch should be prioritized.
- CVE-2025-3620: High use-after-free in USB. Reported by @retsew0x01, this use-after-free vulnerability in the USB subsystem could also allow attackers to execute arbitrary code. Use-after-free vulnerabilities occur when a program continues to use memory after it has been freed, creating a window for malicious exploitation.
Google’s decision to restrict access to the detailed bug reports and links is a standard practice in cybersecurity. This measure aims to prevent attackers from exploiting the vulnerabilities before a significant portion of users have applied the patch. By withholding information, Google reduces the window of opportunity for malicious actors to develop and deploy exploits.
Furthermore, Google has indicated that restrictions will remain in place if the vulnerabilities exist in third-party libraries that other projects rely on but have not yet patched.
Users and administrators are strongly encouraged to update their Chrome browsers as soon as possible to ensure protection from potential exploitation. Most systems will auto-update, but manual updates can be triggered by navigating to chrome://settings/help.
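For administrators who track patch levels across a fleet rather than one About page at a time, here is a small added Python check (not part of the original post) that parses reported Chrome version strings and flags machines still below the 135.0.7049.95 build that carries these fixes; the inventory format and hostnames are constructed samples.

```python
"""Flag Chrome installs below the build that fixes CVE-2025-3619/3620.
Input lines are constructed samples shaped like `google-chrome --version`
output ("Google Chrome 135.0.7049.95") prefixed with a hostname."""
import re
from typing import Optional, Tuple

# Lowest patched build from the advisory (Linux .95; Windows/macOS .95/.96).
PATCHED_MIN = (135, 0, 7049, 95)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract a four-part Chrome version from free text such as
    'Google Chrome 135.0.7049.95'. Returns None if none is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())

def is_patched(text: str, minimum=PATCHED_MIN) -> bool:
    """True when the version found in `text` is >= the patched minimum.
    Tuple comparison is numeric per component, so 135.0.7049.100 ranks
    above 135.0.7049.95 (a plain string compare would get this wrong)."""
    v = parse_version(text)
    return v is not None and v >= minimum

def triage(lines):
    """Given '<host> <version text>' lines (constructed inventory format),
    return hostnames still vulnerable; unparseable versions are included
    so that unknown builds are reviewed rather than silently passed."""
    stale = []
    for line in lines:
        host, _, version_text = line.partition(" ")
        if not is_patched(version_text):
            stale.append(host)
    return stale

# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    "ws-01 Google Chrome 135.0.7049.95",
    "ws-02 Google Chrome 135.0.7049.96",
    "ws-03 Google Chrome 134.0.6998.178",
    "ws-04 Google Chrome 135.0.7049.9",
    "ws-05 version unknown",
]

if __name__ == "__main__":
    print("needs update:", triage(SAMPLE_INVENTORY))
```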