Google has officially rolled out Chrome version 137.0.7151.55/56 to the Stable Channel, available for Windows, macOS, and Linux. This release isn’t just about performance tweaks—it addresses 11 security vulnerabilities, some of which are classified as high-severity, and could allow remote attackers to exploit your system if left unpatched.
🔐 Key Security Vulnerabilities Fixed in Chrome 137
Among the issues resolved in this update are several that could have serious consequences if exploited in the wild. Here’s a breakdown of the most critical ones:
1. CVE-2025-5063 – Use-After-Free in Compositing
- Severity: High
- This vulnerability arises when memory that has already been freed is still being accessed, leading to potential arbitrary code execution or system crashes.
2. CVE-2025-5280 – Out-of-Bounds Write in V8 JavaScript Engine
- Severity: High
- Out-of-bounds writes can corrupt memory and lead to execution of malicious code. Since V8 powers JavaScript in Chrome, exploiting this could allow attackers to run scripts with elevated privileges.
3. CVE-2025-5283 – Use-After-Free in libvpx
- Severity: High
- This issue was discovered by Mozilla and relates to how Chrome handles VP8/VP9 video files. Improper memory handling here could lead to crashes or potential code execution via crafted media.
⚠️ Other Notable Vulnerabilities
The update also resolves several medium and low-severity vulnerabilities, including:
- CVE-2025-5064 – Inappropriate implementation in Background Fetch API
- CVE-2025-5065 – Issues in FileSystemAccess API, potentially impacting sandboxed access to files
- CVE-2025-5066 – Problematic handling of Messages within Chrome’s internal IPC mechanisms
- CVE-2025-5281 – Flaws in Back-Forward Cache (BFCache) that could expose session data
- CVE-2025-5067 – Bug in Tab Strip, the component managing browser tabs
These vulnerabilities, although not as severe as the ones above, still pose privacy and stability risks.
🛡️ Security Advisory from CERT-In
India’s cybersecurity watchdog, CERT-In, issued a public advisory following Chrome 137’s release. The agency warned that:
“Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions, or cause denial-of-service conditions.”
The advisory particularly highlights users on Windows and macOS platforms as being more exposed due to the nature of the exploits.
🔄 How to Update Your Chrome Browser
To ensure you’re protected against these security flaws, follow these steps to update Chrome:
- Open Google Chrome.
- Click the three-dot menu (top-right corner).
- Go to Help → About Google Chrome.
- Chrome will automatically check for updates and begin downloading version 137.0.7151.55 (Linux) or 137.0.7151.56 (Windows/Mac).
- Restart Chrome to apply the update.
💡 Pro Tip: Regular updates are your first line of defense against cyber threats. Always make sure auto-updates are enabled.
