Severe Chrome Flaw Allows Attackers to Execute Arbitrary Code

Google Confirms Critical Chrome Vulnerability Affecting Billions of Users  

Google has identified a severe security flaw in Chrome that impacts billions of users across Windows, Mac, Linux, and Android platforms. This vulnerability, which could allow cybercriminals to execute arbitrary code through malicious web pages, has prompted an urgent security update to prevent potential exploitation. 

CVE-2025-2476: Use-After-Free Vulnerability in Chrome Lens 

The flaw, designated CVE-2025-2476, is classified as a critical use-after-free (UAF) memory vulnerability in Chrome’s Lens component. It was discovered by security researcher SungKwon Lee of Enki Whitehat on March 5, 2025. This weakness could allow attackers to trigger heap corruption via specially crafted HTML pages, potentially compromising affected systems. 

Use-after-free vulnerabilities occur when a program continues to reference memory after it has been freed, leaving a dangling pointer to a region the allocator may hand out again. If an attacker can place controlled data into that freed region before the stale reference is used, the program acts on attacker-controlled data, which in the worst case allows arbitrary code execution.

According to the MITRE Common Weakness Enumeration (CWE) database, where the class is catalogued as CWE-416, use-after-free vulnerabilities pose a high risk because improperly reused memory can lead to system takeover. To catch such flaws during development, Google employs AddressSanitizer, a compile-time instrumentation tool that detects memory errors such as use-after-free at run time.

If exploited, this vulnerability could allow attackers to gain control of a user’s system, leading to severe consequences such as: 

  • Installing unauthorized programs
  • Accessing, modifying, or deleting sensitive data
  • Creating new accounts with full privileges
  • Taking complete control of the system

The vulnerability affects Chrome versions earlier than 134.0.6998.117/.118 on Windows and Mac and 134.0.6998.117 on Linux. While no known active exploits have been reported, Google has assigned the issue a critical rating, emphasizing the need for immediate updates. 

On March 19, 2025, Google released security patches, updating: 

  • The Stable Channel to version 134.0.6998.117/.118 (Windows & Mac) and 134.0.6998.117 (Linux) 
  • The Extended Stable Channel to version 134.0.6998.89 (Windows & Mac) 

Google follows a policy of limiting public access to vulnerability details until a majority of users have updated, preventing attackers from exploiting the flaw before users secure their systems. 

To safeguard against this vulnerability, users should update Chrome immediately by following these steps: 

  • Open Chrome and click the three-dot menu in the top-right corner.
  • Go to Help > About Google Chrome.
  • Allow Chrome to check for updates and install the latest version.
  • Restart your browser to complete the update process.

Although updates will be rolled out gradually, users are advised not to wait for automatic updates and instead manually verify that they are running the latest version of Chrome, given the critical nature of this flaw. 
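For anyone verifying more than one machine, the check above can be scripted. The example below is added here and is not from the article or from Google; it compares the version string Chrome reports against the fixed builds named in this article, and it accounts for the fact that the Extended Stable fix (134.0.6998.89) carries a lower build number than the Stable fix (134.0.6998.117), so a single numeric threshold would misclassify hosts. The host names and version strings in the sample inventory are constructed.

```python
import re

# Fixed builds as stated in the advisory text above:
# Stable 134.0.6998.117 (Windows and Mac also ship .118; Linux ships .117),
# Extended Stable 134.0.6998.89 (Windows and Mac).
FIXED = {
    "stable": (134, 0, 6998, 117),
    "extended": (134, 0, 6998, 89),
}


def parse_version(text):
    """Extract the first four-part dotted version from a string such as
    'Google Chrome 134.0.6998.117' and return it as a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def is_patched(version_text, channel="stable"):
    """True when the reported build is at or above the fixed build for its
    channel. Channel matters: Extended Stable .89 is fixed while Stable .100
    is not, so comparing every host against .117 would give wrong answers."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no version found in {version_text!r}")
    if channel not in FIXED:
        raise ValueError(f"unknown channel {channel!r}")
    return v >= FIXED[channel]


def unpatched_hosts(inventory):
    """Return the names of hosts still below the fixed build for their channel.
    inventory: iterable of (host, channel, version_output) tuples."""
    return [host for host, channel, out in inventory if not is_patched(out, channel)]


# Constructed sample inventory (hypothetical hosts); the version strings mimic
# the output of `google-chrome --version` / `chrome.exe --version`.
SAMPLE_INVENTORY = [
    ("ws-01", "stable", "Google Chrome 134.0.6998.117"),
    ("ws-02", "stable", "Google Chrome 134.0.6998.88"),
    ("ws-03", "extended", "Google Chrome 134.0.6998.89"),
    ("ws-04", "stable", "Google Chrome 133.0.6943.141"),
    ("ws-05", "stable", "Google Chrome 135.0.7049.52"),
]

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE_INVENTORY))  # ['ws-02', 'ws-04']
```

On a real fleet, feed `unpatched_hosts` the version strings collected by your inventory tool together with each host's channel.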
