Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code

The Chrome team has officially announced the promotion of Chrome 135 to the stable channel, marking an update for Windows, Mac, and Linux users.

The rollout for Chrome 135.0.7049.52 (Linux) and 135.0.7049.41/42 (Windows and Mac) will occur gradually over the coming days and weeks.

This update includes numerous fixes, improvements, and security enhancements, ensuring better performance and safety for users across platforms.

Key Features and Updates

Chrome 135 introduces a variety of changes aimed at improving user experience and addressing vulnerabilities.

While the detailed list of changes is available in the official log, the Chrome team has teased upcoming blog posts that will highlight major features and efforts delivered in this version.

Users can expect advancements in functionality, stability, and security as part of this release. Developers are encouraged to stay tuned for updates on Chromium’s blog to explore how these changes may impact their projects.

Security Fixes: A Focus on Vulnerability Management

One of the most critical aspects of this update is its emphasis on security.

Chrome 135 includes fixes for 14 security vulnerabilities, several of which were reported by external researchers.

To protect users during the rollout process, details about these bugs remain restricted until a majority of users have updated their browsers.

Restrictions may also apply if a bug exists in third-party libraries that other projects depend on but have not yet fixed.
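To find hosts still running a build below the fixed versions named in the rollout paragraph, an inventory check like the following can be used. This is an added example, not code from the Chrome team or this article. The `host,platform,version` inventory format, the hostnames, and the choice of .41 as the minimum patched build on Windows and Mac are assumptions.

```python
import re

# Fixed builds as stated on this page. For Windows and Mac the page lists
# 135.0.7049.41/42; treating .41 as the minimum patched build is an assumption.
FIXED = {
    "linux": (135, 0, 7049, 52),
    "windows": (135, 0, 7049, 41),
    "mac": (135, 0, 7049, 41),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome build."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unsupported platform or unparseable version
    return "patched" if version >= fixed else "outdated"

def audit(inventory_lines):
    """Map hostname -> status for 'host,platform,version' lines."""
    results = {}
    for line in inventory_lines:
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue  # skip lines that are not three comma-separated fields
        host, platform, version = parts
        results[host] = classify(platform, version)
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "ws-001,windows,135.0.7049.42",
    "ws-002,windows,134.0.6998.100",
    "lx-010,linux,135.0.7049.41",   # patched build number on Windows, not on Linux
    "mb-020,mac,135.0.7049.41",
    "kiosk-7,chromeos,135.0.7049.52",
    "ws-003,windows,unknown",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Records classified as `unknown` deserve the same follow-up as `outdated` ones, since an unparseable version usually means the inventory agent did not report.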

Highlighted Security Fixes

Below are some noteworthy vulnerabilities addressed in Chrome 135:

High Severity

  • CVE-2025-3066: Use-after-free vulnerability in Navigations, reported by Sven Dysthe (@svn-dys) on March 21, 2025. Reward: $TBD.

Medium Severity

  • CVE-2025-3067: Inappropriate implementation in Custom Tabs, reported by Philipp Beer (TU Wien) on October 31, 2024. Reward: $10,000.
  • CVE-2025-3068: Inappropriate implementation in Intents, reported by Simon Rawet on March 9, 2025. Reward: $2,000.
  • CVE-2025-3069: Inappropriate implementation in Extensions, reported by NDevTK on June 26, 2022. Reward: $1,000.
  • CVE-2025-3070: Insufficient validation of untrusted input in Extensions, reported by Anonymous on January 1, 2017. Reward: $1,000.

Low Severity

  • CVE-2025-3071: Inappropriate implementation in Navigations, reported by David Erceg on February 23, 2020. Reward: $2,000.
  • CVE-2025-3072: Inappropriate implementation in Custom Tabs, reported by Om Apip on August 27, 2024. Reward: $1,000.
  • CVE-2025-3073: Inappropriate implementation in Autofill, reported by Hafiizh on January 9, 2025. Reward: $500.
  • CVE-2025-3074: Inappropriate implementation in Downloads, reported by Farras Givari on January 28, 2025. Reward: $500.

Internal Security Enhancements

In addition to externally reported issues, Chrome’s internal security initiatives contributed to a wide range of fixes through audits and advanced tools like AddressSanitizer (ASan), MemorySanitizer (MSan), UndefinedBehaviorSanitizer (UBSan), Control Flow Integrity (CFI), libFuzzer, and AFL.

Acknowledgments

The Chrome team expressed gratitude to all security researchers who collaborated during the development cycle to prevent vulnerabilities from reaching the stable channel.

Switching Release Channels

For users interested in exploring different release channels or testing new features ahead of stable releases, instructions are available online.

Developers or users encountering issues can report them by filing bugs or seeking assistance via the community help forum.

Chrome continues to prioritize user safety while delivering cutting-edge features with every update.

With Chrome 135 now available on the stable channel, users can benefit from enhanced security and performance while developers gain access to new tools and capabilities for their projects.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
