Google has released a crucial security update for its Chrome browser, addressing a critical vulnerability that could potentially allow remote attackers to exploit heap corruption.
The update, version 134.0.6998.117/.118 for Windows and Mac, and 134.0.6998.117 for Linux, is being rolled out over the coming days and weeks.
Critical Vulnerability Details
The most significant fix in this update addresses CVE-2025-2476, a critical use-after-free vulnerability in the Lens feature of Google Chrome.
This flaw could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page, potentially leading to arbitrary code execution on the target system.
The vulnerability affects Chrome versions before 134.0.6998.117 and was reported by SungKwon Lee of Enki Whitehat on March 5, 2025.
While there is currently no evidence of public exploitation, the severity of the vulnerability has prompted Google to urge users to update their browsers immediately.
Impact and Recommendations
The potential impact of this vulnerability is significant.
If exploited, an attacker could:
- Execute arbitrary code on the target system
- Cause heap corruption
- Compromise the confidentiality, integrity, and availability of the affected Chrome browser
Security experts recommend the following actions:
- Update Google Chrome to version 134.0.6998.117 or newer immediately
- Enable automatic updates for Chrome
- Restrict users from visiting untrusted websites
- Implement web filtering and browser isolation techniques
- Conduct a thorough audit of all Chrome installations in the organization
Extended Stable Channel Update
In addition to the main update, Google has also released an update for the Extended Stable channel.
Version 134.0.6998.118 for Windows and Mac will be rolled out over the coming days and weeks.
This update is particularly important for enterprise environments that rely on the Extended Stable channel for more controlled update cycles.
The Chrome security team has emphasized the importance of this update, noting that it includes fixes from internal audits, fuzzing, and other initiatives.
Many of these security bugs were detected using advanced tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.
Forbes technology contributor Davey Winder highlighted the urgency of the situation, stating, “Given the severity of the vulnerability, it is crucial to initiate the update process without delay to ensure your protection”.
Users are advised to navigate to the “About” section in their browser settings to trigger the automatic update procedure.
It’s worth noting that this update also affects other Chromium-based browsers, and users of these browsers should check for corresponding updates from their respective vendors.
As always, Google encourages users to report any new issues by filing a bug and reminds the community that the Chrome help forum is available for assistance with common issues.
In conclusion, the critical nature of this vulnerability underscores the importance of keeping web browsers up-to-date.
Users and organizations should prioritize this update to mitigate potential security risks and ensure the continued safe use of Google Chrome and Chromium-based browsers.
Also Read:
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=Addressing a critical vulnerability that could potentially allow remote attackers to exploit heap corruption.){kind=link}