Summary: Security Advisory: Google recently rolled out an update for Chrome to address two high-severity vulnerabilities and one medium-severity vulnerability.
| OEM | |
| Severity | High |
| CVSS Score | 8.0 |
| CVEs | CVE-2025-11458, CVE-2025-11460, CVE-2025-11211 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
A heap buffer overflow in the Sync component and a use-after-free (UAF) vulnerability in the Storage component have been fixed, along with other security issues.
Users and administrators are advised to apply the latest patch as soon as possible to ensure their systems remain secure.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Heap Buffer Overflow in Sync | CVE-2025-11458 | Chrome (Windows, Mac, Linux) | High | 141.0.7390.65/66 |
| Use-After-Free in Storage | CVE-2025-11460 | Chrome (Windows, Mac, Linux) | High | 141.0.7390.65/66 |
| Out-of-Bounds Read in WebCodecs | CVE-2025-11211 | Chrome (Windows, Mac, Linux) | Medium | 141.0.7390.65/66 |
Technical Summary
Google released an update for the Chrome Stable channel that addresses three significant security vulnerabilities related to memory safety. The affected code sits within Chrome’s core components.
These include a flaw that could allow attackers to corrupt memory during browser data synchronization, potentially enabling arbitrary code execution, and another vulnerability in the storage system that involves improper memory handling after an object is freed, which could also lead to exploitation through crafted web content.
Additionally, a medium-severity issue was fixed in the media processing API that could cause exposure of sensitive memory or impact browser stability when handling certain media files. These fixes are part of ongoing efforts to improve browser security by mitigating risks of remote code execution, data exposure, and crashes.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-11458 | Chrome Sync component | Heap buffer overflow in the Sync component could allow memory corruption and potentially enable arbitrary code execution when handling synchronization data. | Remote Code Execution / Data Leakage |
| CVE-2025-11460 | Chrome Storage component | Use-after-free in the Storage component could allow attackers to access freed memory, potentially leading to code execution or information disclosure. | Remote Code Execution / Browser Instability |
| CVE-2025-11211 | Chrome WebCodecs API | Out-of-bounds read in the WebCodecs API could expose memory contents or crash the browser when processing malformed media inputs. | Memory Disclosure / Browser Crash |
Recommendations
Update Chrome immediately to the following versions:
Below are the recommended actions:
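One way to check a fleet inventory against the fixed build listed in the table above. This is an added example, not part of the original advisory. The hostnames and version strings are constructed sample data, and the lower of the two fixed builds is assumed to be the minimum because the advisory does not say which platform receives which build.

```python
import re

# Fixed build from the advisory table ("141.0.7390.65/66"). Assumption: the
# lower build is the minimum acceptable version on every platform.
FIXED = (141, 0, 7390, 65)

# Four-part Chrome version as printed by, e.g., `google-chrome --version`.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    report = {}
    for host, raw in inventory.items():
        version = parse_version(raw)
        if version is None:
            report[host] = "unknown"      # no version found: follow up manually
        elif version >= FIXED:            # numeric, field-by-field comparison
            report[host] = "patched"
        else:
            report[host] = "vulnerable"
    return report


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = {
    "ws-001": "Google Chrome 141.0.7390.65 ",
    "ws-002": "Google Chrome 141.0.7390.66",
    "ws-003": "Google Chrome 140.0.7339.80",
    # A plain string comparison would rank ".9" above ".65"; the tuple does not.
    "ws-004": "Google Chrome 141.0.7390.9",
    "ws-005": "sh: google-chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` returned no parseable version and need a manual check rather than being counted as patched.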
Conclusion:
This update reflects Chrome’s continued commitment to robust browser security by addressing multiple critical memory vulnerabilities that could otherwise be exploited for remote code execution, data exposure, or browser instability.
Promptly applying updates is essential to reduce potential attack surfaces, maintain browser stability, and safeguard user data against emerging threats.