Google has released an emergency update for its Chrome browser to fix several high-risk security flaws. One of the most serious bugs could let attackers run malicious code on a user’s computer without permission.
The most dangerous issue, identified as CVE-2025-5063, is a use-after-free vulnerability in Chrome’s Compositing system, which controls how content is displayed. If exploited, it could give hackers control over a user’s device.
Google urges all users to update their browsers immediately to version 137.0.7151.40 or 137.0.7151.41 for Windows and Mac.
Details of the Critical Vulnerability
On May 21, 2025, Google released an early stable version of Chrome to fix eight security issues. Due to the severity, the update is being pushed faster than usual.
The critical flaw, CVE-2025-5063, involves memory being used after it has been released, which can allow attackers to execute commands through malicious websites.
Use-after-free issues are especially dangerous because they can be used to bypass security and take full control of a system.
Other Vulnerabilities Fixed
- CVE-2025-5064: A medium-risk flaw in Background Fetch, reported by Maurice Dauer. Attackers could bypass download protections. Reward: $4,000.
- CVE-2025-5065: A medium-risk issue in the FileSystemAccess API, allowing websites to access local files without permission. Reported by NDevTK. Reward: $2,000.
- CVE-2025-5066: A medium-severity bug in the Messages component, possibly leading to data leaks. Reported by Mohit Raj (shadow2639). Reward: $1,000.
- CVE-2025-5067: A low-risk vulnerability in the Tab Strip UI that could mislead users through tab spoofing. Reported by Khalil Zhani. Reward: $500.
Google noted that technical details of the bugs may remain hidden until most users install the update, to prevent misuse by attackers.
How to Update Chrome
- Click the three-dot menu in the top-right corner of Chrome.
- Go to Help > About Google Chrome.
- Chrome will automatically check for updates and install them.
- Make sure the version is 137.0.7151.40 or 137.0.7151.41.
- Restart Chrome to apply the update.
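For anyone responsible for more than one machine, the version check in the steps above can be run over a software inventory instead of by hand. The Python code below is an added example, not part of Google's advisory or tooling; the hostnames, the sample inventory and the rule that any build at or above 137.0.7151.40 counts as patched are assumptions.

```python
import re

# Lowest fixed build named in the article (137.0.7151.40 or .41 for Windows and Mac).
# Assumption: any build at or above this one contains the fixes.
MIN_FIXED = (137, 0, 7151, 40)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 137.0.7151.41'. Returns a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Compare as integer tuples: as plain strings, "137.0.7151.9" would sort
    # after "137.0.7151.40" and be wrongly reported as patched.
    return "patched" if version >= MIN_FIXED else "vulnerable"


def audit(inventory):
    """Group hostnames by status; inventory is an iterable of (host, version_text)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, text in inventory:
        report[classify(text)].append(host)
    return report


# Constructed sample inventory: hostnames and the older version strings are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 137.0.7151.41"),
    ("ws-002", "Google Chrome 136.0.0.0"),
    ("mac-003", "137.0.7151.40"),
    ("ws-004", "Google Chrome 137.0.7151.9"),
    ("ws-005", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check through Help > About Google Chrome.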
Security experts recommend turning on automatic updates for all software. Also, avoid visiting unknown websites or clicking suspicious links to reduce the risk of attacks.