Threat Advisory

Google Chrome 133 Fixes Remote Code Execution Vulnerabilities

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Google Chrome version 133 addresses multiple critical security vulnerabilities, including use-after-free bugs in the Skia graphics library and the V8 JavaScript engine. These flaws could allow attackers to exploit memory management issues and execute remote code, gaining unauthorized access to or control over affected systems. Users are advised to update their browsers immediately to mitigate the risk of exploitation. The update also addresses other security issues, including vulnerabilities in the Extensions API, though these pose a lower risk than the use-after-free bugs. Google has implemented various security measures to prevent exploitation, including restricting access to detailed information about the vulnerabilities until the majority of users have updated.

  • CVE-2025-0444: A use-after-free vulnerability in Skia, Chrome’s 2D graphics library. This flaw allows attackers to manipulate memory after it has been freed, potentially leading to remote code execution. Exploiting this bug could enable unauthorized access or system compromise.
  • CVE-2025-0445: A use-after-free vulnerability in V8, Chrome’s JavaScript engine. It allows attackers to exploit memory mismanagement, potentially leading to remote code execution. This flaw poses a significant security risk, enabling unauthorized access or system compromise. Users should update Chrome immediately to protect against potential exploits.
  • CVE-2025-0451: A vulnerability in Chrome’s Extensions API caused by an inappropriate implementation. It could allow attackers to exploit security flaws within browser extensions, potentially leading to unauthorized access or data exposure.

 

RECOMMENDATION:

  • We strongly recommend that you update Google Chrome to version 133.0.6943.53 on Linux and to version 133.0.6943.53/54 on Windows and macOS.
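
An added example, not part of the original advisory: a Python triage over a software inventory that flags hosts running a Chrome build older than the fixed versions in the recommendation above. The record layout, host names and sample version strings are constructed for illustration.

```python
import re

# Fixed builds taken from the advisory's recommendation. Windows and macOS
# ship as .53 or .54, so .53 is the minimum patched build on every platform.
FIXED_BUILD = {
    "linux": (133, 0, 6943, 53),
    "windows": (133, 0, 6943, 53),
    "macos": (133, 0, 6943, 53),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the four-part Chrome version in `text` as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED_BUILD.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised platform or unparseable version: review by hand
    # Tuple comparison is numeric per component, so 99.x < 133.x and .9 < .53,
    # which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "vulnerable"

def triage(records):
    """Group (host, platform, version_text) records by status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in records:
        report[classify(platform, version_text)].append(host)
    return report

# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE_INVENTORY = [
    ("build-01", "linux", "Google Chrome 133.0.6943.53"),
    ("desk-07", "windows", "133.0.6943.54"),
    ("desk-12", "windows", "132.0.6834.160"),
    ("mac-03", "macos", "Google Chrome 133.0.6943.9"),
    ("kiosk-02", "linux", "Google Chrome 99.0.4844.84"),
    ("lab-05", "windows", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown have no parseable version and need a manual check rather than being assumed patched.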

 

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/chrome-use-after-free-vulnerabilities/
