{“lastseen”:”2025-12-17T18:05:09″,”description”:”Google issued an extra patch addressing two security vulnerabilities in Chrome, both of which can be triggered remotely by an attacker when a user visits a specially crafted, malicious web page.\\n\\nChrome is by far the world\u2019s most popular browser, with an estimated 3.4 billion users. That makes it a massive target. When Chrome has a security flaw that can be triggered just by visiting a website, billions of users are exposed until they update.\\n\\nThat\u2019s why it\u2019s important to install these patches promptly. Staying unpatched means you could be at risk just by browsing the web. Attackers often try to exploit browser vulnerabilities quickly, before most users have a chance to update. Always let Chrome update itself, and don\u2019t delay restarting it, as updates usually fix exactly this kind of risk.\\n\\n## How to update Chrome\\n\\nThe latest version number is **143.0.7499.146\/.147** for Windows and macOS, and **143.0.7499.146** for Linux. So, if your Chrome is on version **143.0.7499.146 or later,** it\u2019s protected from these vulnerabilities.\\n\\nThe easiest way to update is to allow Chrome to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong\u2014such as an extension stopping you from updating the browser.\\n\\nTo update manually, click the **More** menu (three dots), then go to **Settings** \\u003e **About Chrome**. If an update is available, Chrome will start downloading it. Restart Chrome to complete the update, and you\u2019ll be protected against these vulnerabilities.\\n\\nYou can also find step-by-step instructions in our guide to how to update Chrome on every operating system.\\n\\n\\n\\n## **Technical details**\\n\\nOne of the vulnerabilities was found in the WebGPU web graphics API, which allows for graphics processing, games, and more, as well as AI and machine learning applications. This vulnerability, tracked as CVE-2025-14765 is a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.\\n\\nUse-after-free is a class of vulnerability caused by incorrect use of dynamic memory during a program\u2019s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker may be able to use the error to manipulate the program.\\n\\nHeap corruption occurs when a program inadvertently damages the allocator’s view of the heap, which can lead to unexpected alterations in memory. The heap is a region of memory used for dynamic memory allocation.\\n\\nThe other vulnerability, known as CVE-2025-14766 was\u2014once again\u2014found in the V8 engine as an out-of-bounds read and write.\\n\\nV8 is the engine that Google developed for processing JavaScript, and it has seen more than its fair share of bugs.\\n\\nAn out-of-bounds read and write vulnerability means an attacker may be able to manipulate parts of the device\u2019s memory that should be out of their reach. Such a flaw allows a program to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers could write code to a part of the memory where the system executes it with permissions that the program and user should not have.\\n\\nIn this case, the vulnerability could be exploited when the engine processes specially crafted HTML content, such as a malicious website.\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-12-17T16:02:52″,”modified”:”2025-12-17T16:02:52″,”type”:”malwarebytes”,”title”:”Two Chrome flaws could be triggered by simply browsing the web: Update now”,”source”:””,”references”:””,”id”:”MALWAREBYTES:1EA2FE3B9194D82A2F2CA95AD1E16F69″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-14765″,”CVE-2025-14766″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/two-chrome-flaws-could-be-triggered-by-simply-browsing-the-web-update-now”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-17T18:05:09″,”description”:”Google issued an extra patch addressing two security vulnerabilities in Chrome, both of which can be triggered remotely by an attacker when a user visits…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,41,12,15,115,13,7,11,5],"class_list":["post-31588","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n