Google Chrome Chrome vulnerabilities

CVE-2025-3071 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-3071 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-3071

CVE-2024-26921 [MEDIUM] Long Term Support Channel Update for ChromeOS: CVE-2024-26921 Long Term Support Channel Update for ChromeOS CVE-2024-26921

CVE-2025-3619 [CRITICAL] Stable Channel Update for Desktop: CVE-2025-3619 Stable Channel Update for Desktop CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl on 2025-04-09 [TBD][ 405292639 ] High CVE-2025-3620: Use after free in USB Reported by @retsew0x01 on 2025-03-21 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: critical

CVE-2025-3067 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-3067 Stable Channel Update for Desktop CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31 [$2000][ 401823929 ] Medium CVE-2025-3068: Inappropriate implementation in Intents Reported by Simon Rawet on 2025-03-09 [$1000][ 40060076 ] Medium CVE-2025-3069: Inappropriate implementation in Extensions Severity: medium

CVE-2025-2783 [HIGH] Stable Channel Update for Desktop: CVE-2025-2783 Stable Channel Update for Desktop CVE-2025-2783: Incorrect handle provided in unspecified circumstances in Mojo on Windows. Reported by Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) of Kaspersky on 2025-03-20 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2025-1006 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2025-1006 Long Term Support Channel Update for ChromeOS CVE-2025-1006

CVE-2025-1914 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-1914 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13) on 2025-02-20 [$2000 Severity: high

CVE-2024-7969 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-7969 Long Term Support Channel Update for ChromeOS CVE-2024-7969

CVE-2025-2135 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-2135 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-2135: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13) on 2025-03-02 [$2000 Severity: high

CVE-2025-1919 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-1919 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-1919: Out of bounds read in Media. Reported by @Bl1nnnk and @Pisanbao on 2025-01-26 [$2000 Severity: medium

CVE-2025-1916 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-1916 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-1916: Use after free in Profiles. Reported by parkminchan, SSD Labs Korea on 2024-10-31 [$55000 Severity: medium

CVE-2025-2136 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-2136 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-2136: Use after free in Inspector. Reported by Sakana Severity: medium

CVE-2025-1918 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-1918 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-1918: Out of bounds read in PDFium. Reported by asnine on 2025-01-09 [$1000 Severity: medium

CVE-2025-2137 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-2137 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-2137: Out of bounds read in V8. Reported by zeroxiaobai@ on 2025-02-25 [$7000 Severity: medium

CVE-2025-1921 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-1921 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-1921: Inappropriate Implementation in Media Stream. Reported by Kaiido on 2025-01-04 [$1000 Severity: medium

CVE-2025-1923 [LOW] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-1923 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-1923: Inappropriate Implementation in Permission Prompts. Reported by Khalil Zhani on 2024-12-06 [$3000 Severity: low

CVE-2025-1917 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-1917 Stable Channel Update for Desktop CVE-2025-1917: Inappropriate Implementation in Browser UI. Reported by Khalil Zhani on 2024-03-14 [$2000][ 388557904 ] Medium CVE-2025-1918: Out of bounds read in PDFium Reported by asnine on 2025-01-09 [$2000][ 392375312 ] Medium CVE-2025-1919: Out of bounds read in Media Severity: medium

CVE-2025-13102 [LOW] Stable Channel Update for Desktop: CVE-2025-13102 Stable Channel Update for Desktop CVE-2025-13102: Inappropriate implementation in WebApp Installs. Reported by Bharat (mrnoob) on 2024-07-07 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2025-0611 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2025-0611 Long Term Support Channel Update for ChromeOS CVE-2025-0611

CVE-2024-46800 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-46800 Long Term Support Channel Update for ChromeOS CVE-2024-46800