Web browser: Google plugs critical security leak in Chrome
Google updates the Chrome web browser and closes a security vulnerability classified as a critical risk.
Security gaps in Google Chrome put users at risk.
(Image: Created with AI in Bing Designer by heise online / dmk)
On Wednesday evening this week, Google updated the Chrome web browser. Chrome users should quickly ensure that they have installed the update.
In Google's version announcement, information on the closed gaps can only be found in homeopathic doses. According to this, the new version of the browser closes two security gaps. Google only provides information on vulnerabilities that have been reported by external IT researchers. In this case, one gap was apparently discovered internally, while the other is classified as a critical risk.
Critical security vulnerability in Chrome
The description of the vulnerability is extremely brief: "Use-after-free in Lens", the developers write (CVE-2025-2476, risk "critical" according to Google). In a use-after-free vulnerability, the program code accesses resources that have already been released and therefore have no defined state. Such vulnerabilities can often be misused to inject and execute malicious code. This appears to be quite easy in this case, which is why the threat assessment is so high – it is probably sufficient to visit a carefully prepared website to exploit the vulnerability.
Attacks on the vulnerability are not yet known. Nevertheless, users of Chromium-based web browsers should check whether they are already using the latest browser version.
Update check
This can be done in Chrome's version dialog. It is hidden in the browser menu, which opens after clicking on the icon with the three stacked dots to the right of the address bar, and then via "Help" – "About Google Chrome".
(Image: Screenshot / dmk)
If an update is available, the installation process can often be initiated there.
Chrome is currently available with the version numbers 134.0.6998.108 for Android, 134.0.6998.117 for Linux and 134.0.6998.117/.118 for macOS and Windows. The extended stable version is up-to-date with version 134.0.6998.89 on macOS and Windows.
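For administrators who collect browser versions from many machines, the following added example (not part of the original article) checks reported version strings against the builds named above. The hostnames, inventory rows and function names are constructed for illustration; versions are compared as integer tuples because a plain string comparison would rank .89 above .117.

```python
import re

# Builds per (platform, channel) as named in the article text above.
# Windows and macOS stable list two builds (.117/.118); the lower one is the floor.
CURRENT_BUILDS = {
    ("android", "stable"): "134.0.6998.108",
    ("linux", "stable"): "134.0.6998.117",
    ("macos", "stable"): "134.0.6998.117",
    ("windows", "stable"): "134.0.6998.117",
    ("macos", "extended"): "134.0.6998.89",
    ("windows", "extended"): "134.0.6998.89",
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract the four-part Chrome version from a string as a tuple of ints."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in match.groups())

def needs_update(reported, platform, channel="stable"):
    """True if the reported build is older than the build named in the article."""
    key = (platform.lower(), channel.lower())
    if key not in CURRENT_BUILDS:
        raise KeyError(f"article lists no build for {key}")
    return parse_version(reported) < parse_version(CURRENT_BUILDS[key])

def audit(inventory):
    """Return hosts from (host, platform, channel, version string) rows that lag."""
    return [host for host, platform, channel, reported in inventory
            if needs_update(reported, platform, channel)]

# Constructed inventory rows (hostnames and version strings are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "stable", "Google Chrome 134.0.6998.118"),
    ("ws-02", "windows", "stable", "Google Chrome 134.0.6998.89"),
    ("ws-03", "windows", "extended", "134.0.6998.89"),
    ("lx-01", "linux", "stable", "Google Chrome 134.0.6998.88"),
    ("ph-01", "android", "stable", "Chrome 133.0.6943.137"),
    ("mac-01", "macos", "stable", "Google Chrome 135.0.7000.2"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print("update needed:", host)
```

The channel matters: build .89 counts as current on the extended stable channel but as outdated on the regular stable channel.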
(dmk)