Google has released Chrome 134 to the stable channel on Windows, macOS, and Linux, addressing 14 security vulnerabilities. Among these are several high-severity flaws that could allow remote code execution or lead to crashes.
The update, version 134.0.6998.35 for Linux, 134.0.6998.35/36 for Windows, and 134.0.6998.44/45 for macOS, includes important security fixes for V8, PDFium, and Media Stream after weeks of testing.
Researchers Zhenghang Xiao and Nan Wang received a $7,000 bounty for discovering a serious vulnerability, CVE-2025-1914, that involved an out-of-bounds read in Chrome’s V8 JavaScript engine.
This vulnerability can let attackers bypass security measures or access sensitive memory data.
A key fix addressed CVE-2025-1915, a path traversal vulnerability in DevTools that could reveal local files. This was reported by Topi Lassila, who received a $4,000 reward.
The update mostly focused on moderate issues, such as a use-after-free flaw in Profiles (CVE-2025-1916) reported by South Korea’s SSD Labs and an out-of-bounds read in PDFium (CVE-2025-1918) discovered by researcher “asnine.”
Khalil Zhani was awarded $3,000 for identifying problems in Browser UI and Permission Prompts.
| CVE ID | Severity | Vulnerability Description |
|---|---|---|
| CVE-2025-1914 | High | Out-of-bounds read in V8 |
| CVE-2025-1915 | Medium | Path traversal in DevTools |
| CVE-2025-1916 | Medium | Use-after-free in Profiles |
| CVE-2025-1917 | Medium | Browser UI implementation flaw |
| CVE-2025-1918 | Medium | Out-of-bounds read in PDFium |
| CVE-2025-1919 | Medium | Out-of-bounds read in Media |
| CVE-2025-1921 | Medium | Media Stream implementation flaw |
| CVE-2025-1922 | Low | Selection implementation flaw |
| CVE-2025-1923 | Low | Permission Prompts implementation flaw |
Google fixed five more vulnerabilities using tools like AddressSanitizer and Control Flow Integrity.
The update will roll out gradually over the next few weeks. Users can check for it manually by going to Chrome > Help > About Google Chrome.
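Because the rollout is gradual and the fixed build differs by platform, a fleet check has to compare build numbers per platform and numerically. The following Python sketch is an added example, not part of the original article or of any Google tooling; the host names, the inventory format and the choice of the lower build in each "x/y" pair as the minimum are assumptions.

```python
import re
# Lowest fixed build per platform, from the article. Assumption: the lower build
# of each "x/y" pair is the minimum patched version for that platform.
FIXED = {
    "linux": (134, 0, 6998, 35),
    "windows": (134, 0, 6998, 35),
    "macos": (134, 0, 6998, 44),
}
VERSION_RE = re.compile(r"\d+(?:\.\d+){3}")

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so builds compare numerically."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def classify(platform, version):
    """Return 'patched', 'outdated' or 'unknown' for one installation."""
    minimum = FIXED.get(platform.strip().lower())
    if minimum is None:
        return "unknown"
    try:
        return "patched" if parse_version(version) >= minimum else "outdated"
    except ValueError:
        return "unknown"

def audit(inventory_text):
    """Classify each 'host,platform,version' line; '#' lines are comments."""
    results = []
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [field.strip() for field in line.split(",")]
        status = classify(*fields[1:]) if len(fields) == 3 else "unknown"
        results.append((fields[0], status))
    return results

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """\
ws-02,windows,134.0.6998.9
mac-01,macos,134.0.6998.35
lin-01,linux,134.0.6998.35
lin-02,linux,unknown
"""

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

A plain string comparison would rank build ".9" above ".35" and would pass the macOS host on the Linux/Windows build number; the tuple comparison and per-platform table avoid both mistakes.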