The latest version of Chrome, 133.0, has been officially released by the Google Chrome team and is now accessible on the stable channel for Windows, Mac, and Linux.

This recent release, with the versions 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac, comes with a range of enhancements and critical security patches.

We strongly recommend that users update their browsers promptly to protect against newly identified vulnerabilities that could allow hackers to execute code remotely.

The update addresses 12 security flaws, including two prominent use-after-free vulnerabilities that could allow hackers to exploit memory-handling issues and execute malicious code remotely.

These vulnerabilities raise significant concerns as attackers could exploit them to take control of a user’s system.

  • CVE-2025-0444: Use-after-free in Skia
    This high-severity bug was identified by security researcher Francisco Alonso (@revskills) on January 19, 2025. Skia is Chrome’s 2D graphics library, and a use-after-free defect in this component could allow hackers to manipulate memory and run arbitrary code. Google awarded Alonso $7,000 for his efforts.
  • CVE-2025-0445: Use-after-free in V8
    Another high-severity vulnerability was found in V8, Chrome’s JavaScript engine. Reported by a researcher identified only as “303f06e3” on January 27, 2025, this vulnerability also poses a notable risk of remote code execution.
  • CVE-2025-0451: Improper implementation in Extensions API
    This moderate-severity problem was reported by Vitor Torres and Alesandro Ortiz. Although less severe than the use-after-free issues, it still represents a potential danger to users’ safety.

Use-after-free vulnerabilities occur when a program continues to use memory after it has been released or deallocated.

This can lead to unpredictable behavior such as crashes or the execution of harmful code. Attackers frequently exploit these vulnerabilities to gain unauthorized access to, or control over, systems.

Google’s Actions and Security Steps

Google has restricted access to detailed bug information until most users have updated their browsers. This approach is designed to prevent hackers from exploiting these vulnerabilities before users are protected.

In addition to resolving externally reported flaws, Google has also included various fixes from internal audits and fuzzing efforts. Tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, and others played crucial roles in detecting these flaws during development.

Given the critical nature of the flaws addressed in this release, we strongly urge users to update their browsers promptly. Failing to do so might expose systems to attacks that exploit these flaws.

To update Chrome:

  1. Launch Chrome.
  2. Click the three-dot menu in the top-right corner.
  3. Select “Help” > “About Google Chrome.”
  4. The browser will automatically check for updates and install any that are available.
  5. Relaunch Chrome to finalize the process.
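
For administrators who need to confirm the update across many machines rather than one browser at a time, the following added example (not part of the original article or any Google tooling) classifies reported Chrome version strings against the fixed builds named above. The host names and version strings in the inventory are constructed, and the lower build of each pair is assumed to be the minimum acceptable version.

```python
import re

# Fixed builds named in the article: 133.0.6943.53 (Linux) and
# 133.0.6943.53/54 (Windows, Mac). Assumption: the lower build of each
# pair is treated as the minimum acceptable version.
PATCHED = {
    "linux": (133, 0, 6943, 53),
    "windows": (133, 0, 6943, 53),
    "mac": (133, 0, 6943, 53),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text; None if absent."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, reported):
    """Return 'patched', 'outdated' or 'unknown' for one inventory record."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(reported)
    if minimum is None or version is None:
        return "unknown"  # unparseable data needs follow-up, never assume safe
    # Tuples of ints compare numerically, so build 9 sorts below build 53
    # (a plain string comparison would get this wrong).
    return "patched" if version >= minimum else "outdated"


def audit(inventory):
    """Map each status to the sorted list of hosts in that state."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, platform, reported in inventory:
        report[classify(platform, reported)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("build-01", "linux", "Google Chrome 133.0.6943.53"),
    ("desk-14", "windows", "133.0.6943.54"),
    ("desk-22", "windows", "132.0.6834.160"),
    ("mbp-07", "mac", "Google Chrome 133.0.6943.9"),
    ("kiosk-03", "linux", "version unavailable"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` are listed separately so that missing or malformed inventory data is followed up instead of being counted as patched.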

The Chrome team maintains its commitment to user security through proactive measures such as internal evaluations and partnerships with external researchers. Future updates will bring not only new features but also further security improvements.

Stay tuned for upcoming blog posts from Google detailing the new features and efforts included in Chrome 133. Update your browser right away to stay protected.

The article Chrome Use-After-Free Vulnerabilities Let Hackers Execute Remote Code – Update Now appeared first on Cyber Security News.