
The Chrome team has just unleashed version 133 onto the stable channel for Windows, Mac, and Linux, bringing with it a wave of updates, including a crucial dozen security fixes. While new features are always exciting, this release focuses heavily on patching vulnerabilities, a critical aspect of maintaining a secure browsing experience. The update, rolling out now and continuing over the coming days and weeks, bumps the version number to 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac.
This release is particularly noteworthy for addressing two high-severity use-after-free vulnerabilities, one in Skia and the other in V8, Chrome’s rendering engine and JavaScript engine, respectively. These types of vulnerabilities are particularly dangerous as they can allow attackers to potentially execute arbitrary code on a user’s system.
The first major fix, tracked as CVE-2025-0444, addresses a use-after-free vulnerability in Skia, the graphics library Chrome uses to render images and other visual elements. This flaw, reported by Francisco Alonso (@revskills) on January 19, 2025, earned a hefty $7000 reward through Chrome’s vulnerability reward program. Use-after-free vulnerabilities occur when a program tries to access memory that has already been freed, leading to unpredictable behavior and potential security risks. In the wrong hands, this could be exploited to inject malicious code.
The second high-severity vulnerability, CVE-2025-0445, resides within the V8 JavaScript engine. Also a use-after-free issue, this flaw was reported by an anonymous researcher going by “303f06e3” on January 27, 2025. Given V8’s crucial role in processing JavaScript, this vulnerability could have significant implications if exploited.
Finally, CVE-2025-0451, a medium-severity vulnerability in the Extensions API. This flaw, categorized as an “inappropriate implementation,” was reported by Vitor Torres and Alesandro Ortiz back in September 2022 and has now been finally addressed. While less severe than the use-after-free bugs, it’s still important to patch, as weaknesses in the Extensions API could be exploited by malicious extensions.
To check for updates manually, users can navigate to:
- Settings > About Chrome
- Chrome will automatically check for updates and install the latest version
- Restart the browser to apply the changes
Related Posts:
- Mozilla releases emergency update to fix two exploited zero-day vulnerabilities in Firefox
- VmWare release the patch to fix use-after-free and integer-overflow vulnerabilities
- Mozilla releases security patch to fix 10 flaws in Thunderbird