Google has issued an urgent security update for its Chrome browser after two critical vulnerabilities were discovered. These vulnerabilities could allow attackers to steal sensitive data and gain unauthorized access to users’ systems.
The flaws, identified as CVE-2025-3619 and CVE-2025-3620, affect Chrome versions prior to 135.0.7049.95/.96 for Windows and Mac and 135.0.7049.95 for Linux. The update is rolling out globally over the coming days and weeks.
The most severe of the two, CVE-2025-3619, is a heap buffer overflow in Chrome’s Codecs component. This vulnerability can allow attackers to execute arbitrary code by exploiting how Chrome processes certain media files, potentially leading to full system compromise and data theft.
The second, CVE-2025-3620, is a “use-after-free” flaw in the USB component, which could also be leveraged to execute malicious code or gain unauthorized access to the system.
Security experts warn that these vulnerabilities are particularly dangerous because they can be exploited remotely, requiring only that a user visit a malicious website or interact with compromised content.
Once exploited, attackers could steal passwords, financial information, and other sensitive data stored in the browser or even take control of the affected device.
The vulnerabilities impact all users running outdated versions of Google Chrome on desktop platforms. This includes individuals, businesses, and government organizations that rely on Chrome for web browsing and data management.
Users who store passwords, credit card details, or personal information in Chrome are especially vulnerable to identity theft and fraud if the browser is not updated promptly.
Google has responded by releasing Chrome version 135.0.7049.95/.96 for Windows and Mac and 135.0.7049.95 for Linux, which addresses these critical flaws.
The company has temporarily restricted access to detailed bug information to protect users while the update is being deployed. Google credits external security researchers Elias Hohl and @retsew0x01 for reporting the vulnerabilities, highlighting the importance of collaboration in maintaining browser security.
The company’s internal security tools, including AddressSanitizer, MemorySanitizer, and libFuzzer, played a key role in detecting and mitigating these threats before they could be widely exploited.
Security agencies and Google strongly urge all Chrome users to update their browsers immediately to the latest stable version. To do so:
While there is no confirmation of active exploitation in the wild, the nature of these vulnerabilities means that unpatched systems remain at high risk. Cybersecurity experts emphasize that regular browser updates are essential to protect against evolving threats and prevent data breaches or system compromise.
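For administrators who need to confirm which desktops are still below the fixed builds named above, the following added example (not from Google or the original article) audits an inventory of reported Chrome version strings. The inventory format, host names, and sample version strings are constructed assumptions; only the fixed build 135.0.7049.95 comes from the article.

```python
import re

# Minimum patched build per platform, as stated in the article.
# Windows/Mac shipped .95 or .96, so .95 is the floor on every desktop platform.
FIXED = {
    "windows": (135, 0, 7049, 95),
    "mac": (135, 0, 7049, 95),
    "linux": (135, 0, 7049, 95),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from raw text such as `--version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def audit(inventory):
    """Classify each (host, platform, raw_version_text) row.

    Returns (host, status) pairs where status is 'patched', 'vulnerable',
    or 'unknown' (unparseable output or a platform not covered here).
    """
    results = []
    for host, platform, raw in inventory:
        version = parse_version(raw)
        fixed = FIXED.get(platform.lower())
        if version is None or fixed is None:
            status = "unknown"       # needs manual follow-up, not a pass
        elif version < fixed:        # numeric, component-wise comparison
            status = "vulnerable"
        else:
            status = "patched"
        results.append((host, status))
    return results

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-001", "windows", "Google Chrome 135.0.7049.96"),
    ("ws-002", "Windows", "Google Chrome 135.0.7049.84"),
    ("mac-01", "mac", "Google Chrome 134.0.0.1"),
    ("lnx-07", "linux", "Google Chrome 135.0.7049.95 "),
    ("lnx-08", "linux", "Google Chrome 135.0.7049.100"),  # string compare would misjudge this
    ("kiosk-3", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:8} {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank a build ending in `.100` below one ending in `.95`.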