Critical Chrome Vulnerability Exposes Users to Data Theft and Unauthorized Access

A critical security vulnerability has been discovered in Google Chrome, prompting an urgent update as millions of users worldwide face potential threats of data theft and unauthorized access.

The newly released Stable channel update—now available as version 135.0.7049.95/.96 for Windows and Mac, and 135.0.7049.95 for Linux—is being rolled out over the next few days and weeks, with users strongly advised to update immediately.

Multiple Security Flaws Discovered

This update addresses two major security flaws, with the most severe identified as CVE-2025-3619, a heap buffer overflow vulnerability found in Chrome’s Codecs component.

Discovered and reported by security researcher Elias Hohl on April 9, 2025, this critical issue could enable attackers to execute arbitrary code, potentially allowing them to steal sensitive data, hijack browsing sessions, or gain unauthorized access to user accounts.

The second high-severity vulnerability, CVE-2025-3620, involves a use-after-free bug in ...