- 115/2025
- High
Google has released an updated Chrome version 137.0.7151.55/56 for Windows and Mac, and version 137.0.7151.55 for Linux.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, or execute arbitrary code by persuading the victim to visit a specially crafted website and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Code Execution Vulnerability (CVE-2025-5280):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome Security Bypass Vulnerability (CVE-2025-5281):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
Vulnerabilities
- CVE-2025-5280
- CVE-2025-5281
- CVE-2025-5283
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.