Google has issued an urgent security update for its Chrome browser, addressing a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ systems. The patch is included in version 141.0.7390.107 for Linux and 141.0.7390.107/.108 for Windows and macOS, which began deploying to the Stable channel this week. Full release notes detail the changes, with the update expected to reach most users over the coming days or weeks.
Understanding the Vulnerability
The flaw, tracked as CVE-2025-11756, resides in Chrome’s Safe Browsing feature, a core component designed to protect users from malicious websites and phishing attempts. Discovered by independent researcher as nine on September 25, 2025, the vulnerability earned a $7,000 bounty under Google’s Vulnerability Reward Program.
Use-after-free errors occur when software continues to reference memory that has already been freed, potentially leading to crashes, data corruption, or exploitation. In this case, attackers could leverage the bug to inject and run malicious code, bypassing security sandboxes and compromising the entire browser environment.
Potential Impact
Google classifies the issue as high severity, emphasizing its potential for remote exploitation without user interaction. Simply visiting a rigged webpage could trigger the attack. While no widespread exploits have been reported in the wild, the company restricted bug details initially to ensure most users update before details go public. This aligns with Chrome’s proactive security stance, where access to full disclosures is often delayed until patches propagate.
Technical Details
The fix was enhanced by Google’s suite of detection tools, including AddressSanitizer, MemorySanitizer, and libFuzzer, which assist in identifying memory-related bugs early in development. Google also extended thanks to external researchers for their contributions during the cycle, preventing other flaws from slipping into stable releases.
User Recommendations
Users should update Chrome immediately via the browser’s settings menu or automatic rollout. As browser-based threats evolve, this incident underscores the importance of timely patching in defending against sophisticated attacks.
Broader Context
This update is part of Google’s ongoing efforts to enhance Chrome’s security. In recent months, the company has addressed several high-severity vulnerabilities, including issues in the V8 JavaScript engine and the ANGLE graphics library. These proactive measures highlight the importance of regular software updates and the role of the cybersecurity community in identifying and mitigating potential threats.
Conclusion
The prompt response to CVE-2025-11756 demonstrates Google’s commitment to user security. By staying vigilant and applying updates promptly, users can protect themselves against emerging threats and ensure a safer browsing experience.
