- 113/2025
- High
Google has released an updated Chrome version 137.0.7151.40/.41 for Windows and Mac.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code by persuading the victim to visit a specially crafted website and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Code Execution Vulnerability (CVE-2025-5063):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome Security Bypass Vulnerability (CVE-2025-5064):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
Vulnerabilities
- CVE-2025-5063
- CVE-2025-5064
- CVE-2025-5065
- CVE-2025-5066
- CVE-2025-5067
- CVE-2025-4664
- CVE-2025-4609
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.