Google has initiated a phased rollout of Chrome Stable Channel version 137.0.7151.119/.120 for Windows and macOS, and 137.0.7151.119 for Linux systems.
The update addresses multiple security vulnerabilities and includes stability improvements, with a full changelog accessible via the Chrome Log.
Users can expect automatic updates over the coming weeks, though manual checks through chrome://settings/help are recommended for enterprise environments requiring immediate deployment.
High-Severity Security Fixes and Researcher Contributions
This release includes three security fixes, two of which were identified by external researchers through Chrome’s Vulnerability Rewards Program (VRP).
Key resolved issues include:
1. CVE-2025-6191: V8 Engine Integer Overflow
- Severity: High
- Reward: $7,000 (Bug ID: 420697404)
- Technical Impact: An integer overflow in the V8 JavaScript engine could allow arbitrary code execution or browser crashes via malicious input.
- Researcher: Shaheen Fazim (reported May 27, 2025).
2. CVE-2025-6192: Profiler Use-After-Free Vulnerability
- Severity: High
- Reward: $4,000 (Bug ID: 421471016)
- Technical Impact: A use-after-free in the Profiler component could corrupt memory and might enable code execution.
- Researcher: Chaoyuan Peng (@ret2happy, reported May 31, 2025).
Restricted Access Notice: Full exploit details remain embargoed until most users update, particularly for flaws affecting third-party dependencies.
Risk Factor Table
| CVE ID | Vulnerability | Severity | Reward | Potential Impact |
|---|---|---|---|---|
| CVE-2025-6191 | Integer overflow in V8 | High | $7,000 | Arbitrary code execution, browser crash |
| CVE-2025-6192 | Use-after-free in Profiler | High | $4,000 | Memory corruption, code execution |
Internal Security Initiatives and Tooling
Google’s internal teams resolved additional vulnerabilities through:
- MemorySanitizer and AddressSanitizer: Detected memory corruption risks.
- UndefinedBehaviorSanitizer: Flagged non-compliant code paths.
- libFuzzer/AFL: Enabled automated fuzz testing for edge-case scenarios.
A third fix (Bug ID: 425443272) stemmed from audits of Control Flow Integrity (CFI) mechanisms, ensuring runtime protection against code-reuse attacks.
Recommendations for Users:
- Enterprise admins should prioritize deployment using tools like Google Admin Console.
- Researchers can report vulnerabilities via Chrome’s bug tracker.
- For update issues, consult the Chrome Help Forum.
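For admins verifying deployment, the following added example (not code from Google or the Chrome project) audits a fleet inventory against the fixed build 137.0.7151.119 named above. The inventory format, hostnames, and function names are assumptions constructed for illustration; versions are compared as integer tuples because a plain string comparison would rank .99 above .119.

```python
import re

# Lowest build carrying the fixes, per the release note above (all platforms).
FIXED_BUILD = (137, 0, 7151, 119)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # missing or malformed report: needs manual follow-up
    return "patched" if v >= FIXED_BUILD else "vulnerable"

def audit(inventory_lines):
    """Group hosts by status. Each line is 'hostname,platform,version string'
    (a hypothetical export format assumed for this example)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Pad short lines so a missing version field classifies as 'unknown'.
        host, _platform, version_text = (line.split(",", 2) + ["", ""])[:3]
        report[classify(version_text)].append(host)
    return report

# Constructed sample inventory, not real hosts or real telemetry.
SAMPLE = """\
# host,platform,reported version
ws-001,windows,Google Chrome 137.0.7151.120
ws-002,windows,Google Chrome 137.0.7151.104
mac-01,macos,Google Chrome 137.0.7151.119
lnx-07,linux,Google Chrome 137.0.7151.99
lnx-08,linux,Google Chrome 138.0.1000.1
kiosk-3,windows,not installed
""".splitlines()

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be treated as unpatched until a version is confirmed.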
This update underscores Chrome’s commitment to collaborative security, blending external researcher insights with advanced internal tooling to mitigate zero-day risks.