- 55/2025
- High
Google has released an updated Chrome version 134.0.6998.88/.89 for Windows, Mac, and 134.0.6998.88 for Linux.
The addressed vulnerabilities could allow the remote attacker to crash the browser, execute arbitrary code via a crafted HTML page, and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Remote Code Execution Vulnerability in V8 (CVE-2025-1920):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome Use After Free Vulnerability in Inspector (CVE-2025-2136):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Exploitable crash
Vulnerabilities
- CVE-2025-1920
- CVE-2025-2135
- CVE-2025-2136
- CVE-2025-2137
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.