Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!

Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users’ systems. 

The update, rolled out on Tuesday, June 17, 2025, patches three significant security flaws, including two high-severity vulnerabilities that earned external researchers substantial bounty rewards totaling $11,000.

The latest Chrome Stable Channel update version 137.0.7151.119/.120 for Windows and Mac, and 137.0.7151.119 for Linux, addresses three critical security vulnerabilities that pose significant risks to user safety. 

CVE-2025-6191: Integer Overflow in V8

The high-severity vulnerability, tracked as CVE-2025-6191, represents an integer overflow in V8, Chrome’s JavaScript engine. 

This flaw was discovered by security researcher Shaheen Fazim on May 27, 2025, and earned a $7,000 bounty reward from Google’s Vulnerability Reward Program. 

In particular, the vulnerability affects Chrome’s core JavaScript processing engine, which handles billions of operations daily across web applications.

Integer overflow vulnerabilities in JavaScript engines are particularly dangerous as they can lead to memory corruption and enable attackers to execute malicious code within the browser’s sandbox environment.

CVE-2025-6192: Use After Free in Profiler

The second high-severity vulnerability, CVE-2025-6192, involves a use-after-free condition in Chrome’s Profiler component. 

Reported by researcher Chaoyuan Peng (@ret2happy) on May 31, 2025, this vulnerability earned a $4,000 reward. 

The vulnerability targets Chrome’s performance profiling system, which developers and power users often employ for debugging and optimization. 

Use-after-free vulnerabilities occur when a program continues to use memory after it has been freed, potentially allowing attackers to manipulate memory contents and achieve code execution.

Google’s security team emphasizes that access to detailed bug information remains restricted until the majority of users have updated their browsers. 

The company also noted that restrictions may remain in place if the vulnerabilities affect third-party libraries used by other projects that haven’t yet implemented fixes.

Immediate Action Required for Users

Chrome users across all desktop platforms must update immediately to protect against potential exploitation of these vulnerabilities. 

The update rollout began Tuesday and will continue over the coming days and weeks through Chrome’s automatic update mechanism. 

Users can manually check for updates by navigating to Chrome Settings > About Chrome or by accessing chrome://settings/help in their browser’s address bar.
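
For administrators who need to confirm the update across many machines rather than one browser at a time, the following added example (not from the original article or from Google) classifies collected version strings against the fixed builds listed above. The inventory records, hostnames and function names are constructed for illustration, and the comparison assumes that numerically later Stable builds carry the same fixes.

```python
import re

# Fixed Stable builds as stated in the article. Build .119 is the lowest
# patched build on every desktop platform (Windows and Mac also ship .120).
FIXED = {
    "windows": (137, 0, 7151, 119),
    "mac": (137, 0, 7151, 119),
    "linux": (137, 0, 7151, 119),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsed or unlisted host as safe
    # Assumption: a numerically later build includes the fixes.
    return "patched" if version >= fixed else "vulnerable"

def audit(records):
    """Map hostname -> status for (hostname, platform, version_text) records."""
    return {host: classify(platform, text) for host, platform, text in records}

# Constructed sample inventory; hostnames and version strings are made up.
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 137.0.7151.120"),
    ("ws-02", "Windows", "Google Chrome 137.0.7151.104"),
    ("mac-01", "Mac", "Google Chrome 137.0.7151.119"),
    ("lnx-01", "Linux", "Google Chrome 136.0.7103.113"),
    ("lnx-02", "Linux", "Google Chrome 138.0.7204.35"),
    ("kiosk-9", "Linux", "version query timed out"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand, since a failed version query says nothing about whether the browser is patched.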

The rapid response to these vulnerabilities demonstrates the critical importance of maintaining updated browser software and highlights the ongoing security challenges facing modern web browsers as they balance functionality with user protection.


The post Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now! appeared first on Cyber Security News.