Google has released a critical security update for Chrome, fixing multiple high-severity vulnerabilities that could allow arbitrary code execution and sandbox escapes. The Stable Channel Update (134.0.6998.88/.89) for Windows, Mac, and Linux addresses five security flaws, including three high-risk ones. The most critical fixes target CVE-2025-1920 and CVE-2025-2135, both type confusion vulnerabilities in Chrome’s V8 JavaScript engine, which could enable remote code execution. Another high-severity issue (CVE-TBD) involves an out-of-bounds write in Chrome’s GPU component, raising concerns about system crashes and exploitation.

Medium-severity flaws include a use-after-free vulnerability (CVE-2025-2136) in the Inspector component and an out-of-bounds read (CVE-2025-2137) in V8. Although Google has not confirmed active exploitation, these vulnerabilities could be used in drive-by attacks, where visiting a malicious site is enough to trigger exploitation. Users must restart Chrome to apply the patches, and enterprises should prioritize the update. This marks the fourth major Chrome security release in 2025, reflecting ongoing threats targeting the V8 engine and GPU components.

‍