Severe Chrome Vulnerability Exposes User Data and Unauthorized Access Risks

Google has announced the release of Chrome Stable Channel version 135.0.7049.95/.96 for Windows and Mac, and 135.0.7049.95 for Linux.

This update, which will be gradually rolled out over the coming days and weeks, addresses critical security vulnerabilities and introduces several technical improvements.

Users are strongly encouraged to update their browsers to ensure optimal security and performance.

Key Technical Updates

The latest release, identified by build numbers 135.0.7049.95 and 135.0.7049.96, incorporates a range of bug fixes and stability improvements.

A comprehensive list of code changes and enhancements is available in the official Chrome Release Log.

Security Fixes and Rewards

This update focuses on two major security vulnerabilities discovered and reported by external security researchers.

These issues have been assigned CVE identifiers and have been addressed in the current release:

• CVE-2025-3619: Heap Buffer Overflow in Codecs (Critical)
  • Bug ID: 409619251
  • Reporter: Elias Hohl
  • Date Reported: 2025-04-09
  • Technical Details: This vulnerability involved a heap buffer overflow in the browser’s codecs component. Heap buffer overflows can allow attackers to execute arbitrary code or cause a denial of service (DoS) by corrupting memory. The flaw was patched promptly to mitigate exploitation risks.
• CVE-2025-3620: Use After Free in USB (High)
  • Bug ID: 405292639
  • Reporter: @retsew0x01
  • Date Reported: 2025-03-21
  • Technical Details: This high-severity bug was a “use after free” vulnerability in the USB subsystem. Such flaws occur when a program continues to use a pointer after the memory it references has been freed, potentially leading to code execution or data leaks.

Google has temporarily restricted access to detailed bug reports and exploit links until the majority of users have updated their browsers.

If a vulnerability is present in a third-party library not yet patched elsewhere, these restrictions will remain in place to protect users across the ecosystem.

Advanced Detection and Prevention Tools

Many security bugs in Chrome are detected using advanced tools and techniques, including:

• AddressSanitizer (ASan)
• MemorySanitizer (MSan)
• UndefinedBehaviorSanitizer (UBSan)
• Control Flow Integrity (CFI)
• libFuzzer
• AFL (American Fuzzy Lop)

These tools help identify memory corruption, undefined behavior, and other vulnerabilities during the development and testing phases, preventing many issues from ever reaching end users.

Community Engagement and Reporting

Google extends its gratitude to the security researchers and community members who contributed to this release cycle.

The company encourages users to participate in Chrome’s development and security improvement by reporting bugs via the Chrome Bug Tracker and engaging with the community help forum.

For those interested in experimenting with new features or helping test upcoming releases, instructions for switching Chrome release channels are available.

Stay Updated, Stay Secure: Users are advised to update Chrome as soon as possible to benefit from the latest security protections and enhancements.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates