Google Chrome’s Critical Update: What You Need to Know
Google has recently rolled out a significant security and feature update for its widely used web browser, Google Chrome. If you’re among the millions who rely on Chrome daily, this is an update you won’t want to overlook. The new version (136.0.7103.113/.114 for Windows and macOS, and 136.0.7103.113 for Linux) began its rollout via the Stable channel on May 14, 2025. It patches multiple security vulnerabilities, including the medium-severity CVE-2025-4372.
Understanding the Vulnerabilities
CVE-2025-4372: A Use-After-Free Vulnerability
One of the key vulnerabilities addressed in this update is CVE-2025-4372, categorized as a “use-after-free” issue within Chrome’s Web Audio module. Such vulnerabilities can be exploited to crash the browser or even allow attackers to execute malicious code on your system. This particular flaw poses a risk to users, making it imperative to update your browser promptly.
CVE-2025-4664: High-Risk Exploit
Another critical flaw is CVE-2025-4664, a high-severity vulnerability linked to insufficient policy enforcement in the Chrome Loader component. Reported by security researcher @slonser_ on May 5, 2025, this vulnerability allows potential attackers to bypass Chrome’s internal security policies. Exploiting it could lead to unauthorized code execution or even sandbox escapes. Google has confirmed that this vulnerability is actively being exploited in the wild, prompting a strong advisory for users to update their browsers immediately.
The Cybersecurity and Infrastructure Security Agency (CISA) has also added CVE-2025-4664 to its Known Exploited Vulnerabilities Catalog, urging users and organizations to apply the patch by June 5, 2025.
The First Zero-Day of 2025: CVE-2025-2783
This update also addresses CVE-2025-2783, the first confirmed zero-day vulnerability found in Chrome this year. A zero-day vulnerability is particularly concerning because it means that bad actors have already begun exploiting it before users have had a chance to patch the flaw. While details on its exploitation remain limited, it underscores the increasing frequency of zero-day threats in modern software ecosystems.
CVE-2025-4609: Another High-Severity Flaw
Additionally, CVE-2025-4609, reported by researcher Micky on April 22, 2025, is another high-severity flaw, stemming from an incorrect handle being provided under unspecified circumstances in the Mojo IPC system. Like CVE-2025-4664, this vulnerability could be exploited to execute arbitrary code with user-level privileges, which is particularly concerning for users operating with administrative rights.
Performance and Feature Enhancements
Beyond security fixes, Chrome version 136.0.7103.113/.114 introduces several performance improvements and user-facing features. Notable backend enhancements include more efficient rendering processes and better memory management, designed to streamline overall browser performance.
Users can also expect new features such as updates to the TabGroupHeader accessible name and improved behavior in popover-focus functionality. These changes aim to refine user navigation and accessibility, making for a smoother browsing experience.
Moreover, developers have resolved bugs that were causing crashes in the AddToTopLayer function and issues with the Update button in chrome://extensions, contributing to a more stable browsing environment.
What You Should Do
If you’re running a version of Google Chrome older than 136.0.7103.113, it’s crucial to update immediately. Google strongly advises both individual users and organizations to apply the patch to stay protected. Unpatched browsers are easy targets, especially when vulnerabilities like CVE-2025-4372 and CVE-2025-4664 are known and actively being probed by attackers.
Recommendations for Users
- Enable Automatic Updates: Ensure that your browser is set to automatically update so that patches are applied as soon as they become available.
- Use Supported Software: Stick to browsers and software that are fully supported and actively maintained to minimize exposure to threats.
- Conduct Regular Vulnerability Assessments: In enterprise environments, regular assessments can help catch outdated software versions before attackers do.
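As an added example (not from the article or from Google), a small inventory check of the kind such an assessment would run: it flags hosts whose Chrome build predates 136.0.7103.113, comparing version components numerically, since a plain string comparison would rank 136.0.7103.92 above 136.0.7103.113. The hostnames and versions in the sample inventory are constructed.

```python
"""Check a software inventory for Chrome builds older than the fixed release.

Added example (not from the article): flags hosts whose Chrome is older than
136.0.7103.113, the first Stable build carrying the fixes described above.
All inventory records below are constructed sample data.
"""
from __future__ import annotations

# Minimum fixed Stable version per platform, taken from the update notice.
# Windows and macOS shipped .113/.114 and Linux shipped .113, so .113 is the
# floor on every platform.
FIXED_VERSION = {
    "windows": "136.0.7103.113",
    "macos": "136.0.7103.113",
    "linux": "136.0.7103.113",
}

def parse_version(version: str) -> tuple[int, ...]:
    """Turn '136.0.7103.113' into (136, 0, 7103, 113) so each component
    compares numerically. A plain string comparison gets this wrong:
    '136.0.7103.92' sorts after '136.0.7103.113' as text."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(platform: str, installed: str) -> bool:
    """True if the installed build predates the fixed build for its platform."""
    floor = FIXED_VERSION[platform.lower()]
    return parse_version(installed) < parse_version(floor)

def find_outdated(inventory: list[dict]) -> list[str]:
    """Hostnames that still need the update, for the assessment report."""
    return [
        rec["host"]
        for rec in inventory
        if is_vulnerable(rec["platform"], rec["chrome_version"])
    ]

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    {"host": "ws-01", "platform": "windows", "chrome_version": "136.0.7103.114"},
    {"host": "ws-02", "platform": "windows", "chrome_version": "136.0.7103.92"},
    {"host": "mac-07", "platform": "macos", "chrome_version": "135.0.7049.115"},
    {"host": "lx-03", "platform": "linux", "chrome_version": "136.0.7103.113"},
]
```

Feed `find_outdated` the real inventory export from your management tooling; a host on any platform is flagged only when its build is numerically below the fixed one.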
The Role of External Researchers
Google has acknowledged the critical role of external researchers in identifying vulnerabilities such as CVE-2025-4372, CVE-2025-4664, and CVE-2025-2783. Many of these issues were uncovered using advanced tools like AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, libFuzzer, and AFL, highlighting the importance of community collaboration in enhancing software security.