Google Releases Critical Security Update for Chrome

Google has issued an urgent security update for its Chrome browser after two critical vulnerabilities were discovered. These vulnerabilities could allow attackers to steal sensitive data and gain unauthorized access to users’ systems.

Google has rolled out a critical security update for its Chrome browser, pushing version 135.0.7049.95/.96 to the Stable channel for Windows and macOS, and 135.0.7049.95 for Linux. This update addresses two high-impact security vulnerabilities, one of which is labeled critical — the most severe rating in Google's vulnerability classification system.

Key Vulnerabilities Addressed

• CVE-2025-3619: Critical Heap Buffer Overflow in Codecs: Reported by Elias Hohl, this vulnerability poses a significant threat. Heap buffer overflows can allow attackers to execute arbitrary code, potentially leading to system compromise. Due to its critical severity, this patch should be prioritized.

• CVE-2025-3620: High Use-After-Free in USB: Reported by @retsew0x01, this use-after-free vulnerability in the USB subsystem could also allow attackers to execute arbitrary code. Use-after-free vulnerabilities occur when a program attempts to use memory after it has been freed, creating a window for malicious exploitation.

Security Measures

Google has restricted access to detailed bug reports and links to prevent attackers from exploiting the vulnerabilities before a significant portion of users have applied the patch. This standard practice in cybersecurity aims to reduce the window of opportunity for malicious actors to develop and deploy exploits.

Users and administrators are strongly encouraged to update their Chrome browsers as soon as possible to ensure protection from potential exploitation. Most systems will auto-update, but manual updates can be triggered by navigating to chrome://settings/help.

For more details, you can visit the official Google Chrome Releases blog: Google Chrome Releases