{“lastseen”:”2025-12-04T14:05:14″,”description”:”Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome\u2019s Digital Credentials feature\u2013a tool that lets you share verified information from your digital wallet with websites so you can prove who you are across devices.\\n\\nChrome is by far the world\u2019s most popular browser, with an estimated 3.4 billion users. That scale means when Chrome has a security flaw, billions of users are potentially exposed until they update.\\n\\nThat\u2019s why it\u2019s important to install these patches promptly. Staying unpatched means you could be at risk just by browsing the web, and attackers often exploit these kinds of flaws before most users have a chance to update. Always let your browser update itself, and don\u2019t delay restarting the browser as updates usually fix exactly this kind of risk.\\n\\n## How to update Chrome\\n\\nThe latest version number is **143.0.7499.40\/.4** 1 for Windows and macOS, and **143.0.7499.40** for Linux. So, if your Chrome is on version **143.0.7499.40 or later,** it\u2019s protected from these vulnerabilities.\\n\\nThe easiest way to update is to allow Chrome to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong\u2014such as an extension stopping you from updating the browser.\\n\\nTo update manually, click the **More** menu (three dots), then go to **Settings** \\u003e **About Chrome**. If an update is available, Chrome will start downloading it. Restart Chrome to complete the update, and you\u2019ll be protected against these vulnerabilities.\\n\\nYou can also find step-by-step instructions in our guide to how to update Chrome on every operating system.\\n\\n\\n\\n## Technical details\\n\\nOne of the vulnerabilities was found in the Digital Credentials feature and is tracked as **CVE-2025-13633**. As usual Google is keeping the details sparse until most users have updated. The description says: \\n\\n\\u003e Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. \\n\\nThat sounds complicated so let\u2019s break it down.\\n\\n**Use after free (UAF)** is a specific type of software vulnerability where a program attempts to access a memory location after it has been freed. That can lead to crashes or, in some cases, let an attackers run their own code.\\n\\n**The renderer process** is the part of modern browsers like Chrome that turns HTML, CSS, and JavaScript into the visible webpage you see in a tab. It’s sandboxed for safety, separate from the browser’s main \\”browser process\\” that manages tabs, URLs, and network requests. So, for HTML pages, this is essentially the browser’s webpage display engine.\\n\\n**The heap** is an area of memory made available for use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.\\n\\nA \u201cremote attacker who had compromised the renderer\u201d means the attacker would already need a foothold (for example, via a malicious browser extension) and then lure you to a site containing specially crafted HTML code.\\n\\nSo, my guess is that this vulnerability could be abused by a malicious extension to steal the information handled through Digital Credentials. The attacker could access information normally requiring a passkey, making it a tempting target for anyone trying to steal sensitive information.\\n\\nSome of the fixes also apply to other Chromium browsers, so if you use Brave, Edge, or Opera, for example, you should keep an eye out for updates there too.\\n\\n* * *\\n\\n**We don ‘t just report on threats\u2014we help safeguard your entire digital identity**\\n\\nCybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.”,”published”:”2025-12-04T12:42:02″,”modified”:”2025-12-04T12:42:02″,”type”:”malwarebytes”,”title”:”Update Chrome now: Google fixes 13 security issues affecting billions”,”source”:””,”references”:””,”id”:”MALWAREBYTES:9CFD93D17E12E2B2F4C03FC6B071CC26″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-13633″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/google-fixes-13-security-issues-affecting-billions”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-04T14:05:14″,”description”:”Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,41,12,15,115,13,7,11,5],"class_list":["post-28634","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n