Google Chrome Chrome vulnerabilities

CVE-2024-49861 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-49861 Long Term Support Channel Update for ChromeOS CVE-2024-49861

CVE-2025-9479 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-9479 Stable Channel Update for Desktop CVE-2025-9479: Out of bounds read in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2025-01-18 As usual, our ongoing internal security work was responsible for a wide range of fixes: [ 399107077 ]Various fixes from internal audits, fuzzing and other initiatives Many of our security bugs are detected using AddressSanitizer , MemorySanitizer , UndefinedBehaviorSanitizer , Control Flow Integrity

CVE-2025-0997 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0997 Stable Channel Update for ChromeOS / ChromeOS Flex - M133 CVE-2025-0997

CVE-2025-1566 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-1566 Stable Channel Update for ChromeOS / ChromeOS Flex - M133 CVE-2025-1566

CVE-2025-0995 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0995 Stable Channel Update for ChromeOS / ChromeOS Flex - M133 CVE-2025-0995

CVE-2025-0444 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0444 Stable Channel Update for ChromeOS / ChromeOS Flex - M133 CVE-2025-0444

CVE-2025-0445 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0445 Stable Channel Update for ChromeOS / ChromeOS Flex - M133 CVE-2025-0445

CVE-2025-0451 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0451 Stable Channel Update for ChromeOS / ChromeOS Flex - M133 CVE-2025-0451

CVE-2025-0998 Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0998 Stable Channel Update for ChromeOS / ChromeOS Flex - M133 CVE-2025-0998

CVE-2025-0999 [HIGH] Stable Channel Update for Desktop: CVE-2025-0999 Stable Channel Update for Desktop CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee (@0x10n) on 2025-02-04 [TBD][ 383465163 ] High CVE-2025-1426: Heap buffer overflow in GPU Reported by un3xploitable && GF on 2024-12-11 [$4000][ 390590778 ] Medium CVE-2025-1006: Use after free in Network Severity: high

CVE-2025-0437 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2025-0437 Long Term Support Channel Update for ChromeOS CVE-2025-0437

CVE-2025-0438 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2025-0438 Long Term Support Channel Update for ChromeOS CVE-2025-0438

CVE-2025-0762 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-0762 Stable Channel Update for Desktop CVE-2025-0762: Use after free in DevTools. Reported by Sakana Severity: medium

CVE-2025-0447 [LOW] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-0447 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-0447: Inappropriate implementation in Navigation. Reported by Khiem Tran (@duckhiem) on 2024-10-25 [$7000 Severity: low

CVE-2025-0446 [LOW] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-0446 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2025-0446: Inappropriate implementation in Extensions. Reported by Hafiizh on 2024-08-15 [$2000 Severity: low

CVE-2025-0434 [HIGH] Stable Channel Update for Desktop: CVE-2025-0434 Stable Channel Update for Desktop CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21 [$7000][ 379652406 ] High CVE-2025-0435: Inappropriate implementation in Navigation Reported by Alesandro Ortiz on 2024-11-18 [$3000][ 382786791 ] High CVE-2025-0436: Integer overflow in Skia Severity: high

CVE-2025-0443 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-0443 Stable Channel Update for Desktop CVE-2025-0443: Insufficient data validation in Extensions. Reported by Anonymous on 2024-10-31 [$1000][ 359949844 ] Low CVE-2025-0446: Inappropriate implementation in Extensions Reported by Hafiizh on 2024-08-15 [$1000][ 375550814 ] Low CVE-2025-0447: Inappropriate implementation in Navigation Severity: medium

CVE-2025-0440 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-0440 Stable Channel Update for Desktop CVE-2025-0440: Inappropriate implementation in Fullscreen. Reported by Umar Farooq on 2023-07-22 [$2000][ 368628042 ] Medium CVE-2025-0441: Inappropriate implementation in Fenced Frames Reported by someoneverycurious on 2024-09-21 [$2000][ 40940854 ] Medium CVE-2025-0442: Inappropriate implementation in Payments Severity: medium

CVE-2025-0448 [LOW] Stable Channel Update for Desktop: CVE-2025-0448 Stable Channel Update for Desktop CVE-2025-0448: Inappropriate implementation in Compositing. Reported by Dahyeon Park on 2024-11-08 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2025-0291 [HIGH] Stable Channel Update for Desktop: CVE-2025-0291 Stable Channel Update for Desktop CVE-2025-0291: Type Confusion in V8. Reported by Popax21 on 2024-12-11 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high