
The Google Chrome stable channel has just received a crucial update, bringing it to version 133.0.6943.126/.127 for Windows and Mac, and 133.0.6943.126 for Linux. This rollout, which will occur over the coming days and weeks, addresses three security vulnerabilities, including two high-severity flaws.
Among the most critical fixes is CVE-2025-0999, a high-severity heap buffer overflow in V8, Chrome’s JavaScript engine. This vulnerability, reported by Seunghyun Lee (@0x10n) on February 4th, earned a hefty $11,000 reward through Google’s vulnerability rewards program. Heap buffer overflows can be particularly dangerous, potentially allowing attackers to execute arbitrary code and gain control of a user’s system. The prompt patching of this flaw is vital for protecting Chrome users.
Another high-severity vulnerability, CVE-2025-1426, involves a heap buffer overflow in the GPU process. Discovered by un3xploitable and GF on December 11th, this issue also poses a significant risk. While details are currently limited, GPU vulnerabilities can be exploited to achieve various malicious objectives, from information disclosure to system instability.
The update also patches a medium-severity vulnerability, CVE-2025-1006, a use-after-free issue in the Network component. This flaw, reported by a team of researchers from Palo Alto Networks – Tal Keren, Sam Agranat, Eran Rom, Edouard Bochin, and Adam Hatsir – on January 18th, earned a $4,000 reward. Use-after-free vulnerabilities can lead to crashes or, in some cases, be exploited for more serious attacks.
The specific details of these vulnerabilities might remain limited for a time to prevent further exploitation. Users are strongly encouraged to update their browsers as soon as the update becomes available. To ensure you’re running the latest version, simply open Chrome and click on the three vertical dots in the top right corner, then navigate to “Help” and “About Google Chrome.” Chrome will automatically check for updates and prompt you to restart if a new version is available. Don’t delay – update today!
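For administrators checking more than one machine, the version check described above can be scripted. The following is an added example, not code from Google or from this article: it compares reported version strings against the earliest fixed build named here and flags browsers that have downloaded the update but not yet restarted. The inventory format, host names, and sample values are constructed assumptions.

```python
import re

# Earliest fixed build named in the article (133.0.6943.127 also satisfies it).
FIXED_BUILD = (133, 0, 6943, 126)
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    match = _VERSION.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(installed, running=None):
    """Return 'patched', 'restart-pending', 'outdated' or 'unknown'.

    installed: version string of the binary on disk.
    running:   version string of the live browser process, if known.
    """
    on_disk = parse_version(installed)
    if on_disk is None:
        return "unknown"
    if on_disk < FIXED_BUILD:
        return "outdated"
    # Without process data, assume the live browser matches the binary on disk.
    live = parse_version(running) if running else on_disk
    if live is None:
        return "unknown"
    # New binary on disk but old process still running: fix is not active yet.
    return "patched" if live >= FIXED_BUILD else "restart-pending"


# Constructed sample inventory (hypothetical hosts): host -> (installed, running).
SAMPLE = {
    "win-01": ("Google Chrome 133.0.6943.127", "133.0.6943.127"),
    "mac-02": ("Google Chrome 133.0.6943.126", "133.0.6943.98"),
    "lin-03": ("Google Chrome 133.0.6943.98", None),
    "lin-04": ("chrome: not found", None),
}


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(*versions) for host, versions in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

A host reported as restart-pending is still running the vulnerable build until the browser is relaunched.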