Google plugs attacked gap in Chrome

The latest update for Google's Chrome web browser fixes a security vulnerability for which an exploit is already available.


Outside the usual schedule, Google released an update for the Chrome web browser on Tuesday night. It closes a security gap that is already under attack on the internet.

In the release announcement, Google's developers write that the new version closes three security vulnerabilities. There is no information on one of them, which suggests that the programmers discovered it internally.

A vulnerability in V8, Google Chrome's JavaScript engine, allows attackers to read and write outside the intended memory bounds. An exploit for this vulnerability has emerged in the wild, so it is apparently already under attack. However, Google does not discuss what the vulnerability looks like, how attackers abuse it or how attacks can be detected (CVE-2025-5419 / EUVD-2025-16695, CVSS according to EUVD 8.8, risk “high”).


Interesting detail: Google's developers claim to have mitigated the problem with a configuration change that they distributed to Chrome browsers in the stable branch at the end of May. The update now fixes the issue properly and comprehensively in the program code.

The update also addresses a second vulnerability, a “use-after-free” in the Chrome browser's Blink rendering engine (CVE-2025-5068 / EUVD-2025-16694, CVSS according to EUVD 8.8, risk “medium” according to Google, “high” according to EUVD). In a bug of this kind, program code accesses resources that have already been released and whose content is undefined. Such errors can often be misused to execute injected malicious code.

Chrome users should check whether they are already running the latest version of the software. The version dialog shows this: open the browser's settings menu by clicking the icon with the three stacked dots, then continue via “Help” to “About Google Chrome”.

The version dialog of the web browser shows the current version of the software and offers to install an update if required.


The fixed browser versions are Google Chrome 137.0.7151.72 for Android, 137.0.7151.68 for Linux and 137.0.7151.68/.69 for macOS and Windows. On Linux, the update usually has to be installed through the distribution's software management. Web browsers based on Chromium, such as Microsoft's Edge, should also receive a security update that closes the vulnerabilities shortly; Microsoft usually distributes it on Friday of the week.
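For administrators who need to run the same version check across many machines, the following added example (not part of the original article) compares collected version strings against the fixed builds listed above. The inventory lines, host names and helper functions are constructed for illustration; Chromium-based browsers from other vendors are only flagged, because the article gives no fixed build for them.

```python
import re

# Lowest fixed build per platform, as listed in the article.
FIXED = {
    "android": (137, 0, 7151, 72),
    "linux": (137, 0, 7151, 68),
    "macos": (137, 0, 7151, 68),
    "windows": (137, 0, 7151, 68),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: host, platform, product, reported version text.
SAMPLE_INVENTORY = """\
ws-01,windows,Google Chrome,Google Chrome 137.0.7151.69
ws-02,windows,Google Chrome,Google Chrome 137.0.7151.56
lx-01,linux,Google Chrome,Google Chrome 137.0.7151.100
ph-01,android,Google Chrome,137.0.7151.68
ws-03,windows,Microsoft Edge,1.2.3.4
lx-02,linux,Google Chrome,version not reported
"""

def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def assess(platform, product, version_text):
    """Classify one installation against the fixed builds from the article."""
    if product.strip().lower() != "google chrome":
        return "check-vendor"  # other Chromium browsers use their own build numbers
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Compare numerically: as strings, "137.0.7151.100" sorts before "137.0.7151.68".
    return "patched" if version >= fixed else "update-required"

def hosts_by_status(inventory):
    """Group host names by assessment result."""
    result = {}
    for line in inventory.strip().splitlines():
        host, platform, product, version_text = line.split(",", 3)
        result.setdefault(assess(platform, product, version_text), []).append(host)
    return result

if __name__ == "__main__":
    for status, hosts in sorted(hosts_by_status(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unknown` or `check-vendor` need a manual look rather than being counted as patched.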

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.