
Chrome 141 has arrived, bringing a robust set of 21 security fixes to safeguard users from critical vulnerabilities. This blog post summarizes all key updates, highlights the most important CVEs, and explains why upgrading now is vital for security professionals, enterprise environments, and everyday users alike.
What’s New in Chrome 141 Security?
Google’s Chrome 141 update rolls out for Windows, Mac, and Linux, resolving numerous memory corruption, side-channel, and logic bugs in major browser components. Up to $25,000 in bug bounties were distributed to external researchers for discovering these issues, reinforcing Google’s commitment to proactive security auditing.
Key Vulnerabilities Fixed
- In Chrome 141, two CVEs are rated as high severity: CVE-2025-11205, a heap buffer overflow in WebGPU, and CVE-2025-11206, a heap buffer overflow in Video processing. Both vulnerabilities could potentially allow attackers to execute arbitrary code or crash the browser, making immediate updates essential for security.
- Remaining fixes: Various internal discoveries via AddressSanitizer, MemorySanitizer, libFuzzer, and Google’s audit efforts.
CVE-2025-11205: WebGPU Heap Buffer Overflow
- Impact: A heap buffer overflow in WebGPU allows attackers to write outside the bounds of allocated memory. This can lead to arbitrary code execution, possibly allowing remote exploitation if a user visits a malicious website.
- Discovery and Fix: Reported by Atte Kettunen, with a bug bounty reward of $25,000, indicating the critical risk and complexity of the vulnerability.
CVE-2025-11206: Video Heap Buffer Overflow
- Component: Video processing module, responsible for media playback and streaming in Chrome.
- Impact: Exploiting this flaw could let an attacker corrupt memory during video handling, opening the door to denial-of-service attacks (browser crashes) or even compromise of the underlying system if chained with other vulnerabilities.
- Discovery and Fix: Discovered by Elias Hohl, awarded $4,000, highlighting its high severity but relatively lower complexity versus the WebGPU vulnerability.
Update Instructions
- Open Chrome and click the three-dot menu at the top right.
- Select “Help > About Google Chrome.”
- Chrome will check for updates, install Version 141, and prompt for restart.
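For admins who need to confirm the update across many machines rather than one browser at a time, the following added example (not from the original post or from Google) sorts hosts into patched, outdated, and unknown based on the reported Chrome major version. The inventory format, hostnames, and build numbers are constructed placeholders, and comparing only the major version against 141 is an assumption, since this post does not give the exact fixed build.

```python
import re

# Minimum major version carrying the fixes described in this post.
MIN_MAJOR = 141

# Matches a four-part dotted version such as "141.0.0.0" inside a longer string.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed inventory: "hostname,reported version string".
# Build numbers are placeholders, not real Chrome builds.
SAMPLE_INVENTORY = """\
ws-001,Google Chrome 141.0.0.0
ws-002,Google Chrome 140.0.0.0
ws-003,Google Chrome 139.0.0.0 beta
ws-004,
ws-005,Google Chrome 142.0.0.0
kiosk-01,version unknown
"""


def parse_major(version_text):
    """Return the major version as an int, or None if no version is present."""
    match = VERSION_RE.search(version_text)
    return int(match.group(1)) if match else None


def audit(inventory_text, min_major=MIN_MAJOR):
    """Group hosts by whether their reported major version meets min_major."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        major = parse_major(version_text)
        if major is None:
            # Empty or unparseable reports need manual follow-up, not a pass.
            report["unknown"].append(host.strip())
        elif major >= min_major:
            report["patched"].append(host.strip())
        else:
            report["outdated"].append(host.strip())
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket should be treated as unpatched until their version is confirmed.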
Why Chrome 141 Matters
Both high-severity CVEs (heap buffer overflows in WebGPU and Video) can enable memory corruption and possibly remote code execution if exploited, making updating crucial for security.
Medium and low-severity bugs fixed in this release impact privacy, reliability, and resilience against automated attacks and browser exploit chains.
Final Thoughts
Chrome 141’s comprehensive vulnerability patching continues to raise the defensive bar against exploitation efforts and information leaks. Security teams, enterprise admins, and regular users should upgrade as soon as possible to benefit from these protections and stay secure against evolving threats.