Creation Date: April 16, 2025
Source: Google Chrome Security Bulletin
Classification:
- Impact: Loss of confidentiality, integrity, availability
- Exploit: Unknown exploit
- Solution: Update
Affected Systems:
- Chrome versions prior to 135.0.7049.95 for Linux
- Chrome versions prior to 135.0.7049.95/.96 for Windows
- Chrome versions prior to 135.0.7049.95/.96 for Mac
Conclusion
The vulnerabilities CVE-2025-3619 and CVE-2025-3620 were recently identified in the Google Chrome browser, affecting millions of users worldwide. These security flaws present significant risks and require immediate attention to prevent potential exploitation by malicious actors.
CVE-2025-3619: Buffer Overflow in Codecs
The vulnerability CVE-2025-3619 is classified as critical and involves a buffer overflow in Chrome’s codecs. A buffer overflow occurs when data is written outside the allocated memory boundaries, which could allow an attacker to execute arbitrary code. This flaw could lead to a full system compromise if successfully exploited.
CVE-2025-3620: Use-After-Free in USB
The vulnerability CVE-2025-3620 is a “use-after-free” flaw in Chrome’s USB functionality. This type of vulnerability occurs when the program attempts to use memory after it has been freed, creating an opportunity for malicious exploitation. This flaw could also allow arbitrary code execution, although it is classified as less severe than CVE-2025-3619.
References:
- CVE-2025-3620 CVSS score 8.10
- CVE-2025-3619 CVSS score 9.80
Google Security Advisory:
Solution:
Ensure that Google Chrome is updated to version 135.0.7049.95/.96 for Windows and macOS, and 135.0.7049.95 for Linux. This update addresses the identified security vulnerabilities.
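An added example, not part of the bulletin, showing how a defender can check a fleet inventory against the fixed builds listed above. The fixed-version table comes from this bulletin; the host names and version strings in the sample inventory are constructed.

```python
from typing import List, Tuple

# Lowest fixed Chrome build per platform, taken from the bulletin above.
# Windows and macOS shipped .95 and .96 builds; both are at or above .95.
FIXED_VERSIONS = {
    "linux": (135, 0, 7049, 95),
    "windows": (135, 0, 7049, 95),
    "mac": (135, 0, 7049, 95),
    "macos": (135, 0, 7049, 95),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse a Chrome version such as '135.0.7049.95' into a tuple of ints.

    Anything that is not four dot-separated integers raises ValueError, so a
    garbled inventory field fails loudly instead of silently comparing as safe.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, platform: str) -> bool:
    """True when the installed build predates the fix for that platform."""
    key = platform.strip().lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform: {platform!r}")
    # Tuple comparison is element-wise, so 135.0.7049.84 < 135.0.7049.95.
    return parse_version(version) < FIXED_VERSIONS[key]


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hosts (hostname, platform, version) that still need the update."""
    return [host for host, platform, ver in inventory if is_vulnerable(ver, platform)]


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "135.0.7049.84"),  # older build: needs update
    ("ws-02", "windows", "135.0.7049.96"),  # .96 build: fixed
    ("lnx-01", "linux", "135.0.7049.95"),   # exact fixed build: fixed
    ("mac-01", "mac", "134.0.6998.166"),    # previous major: needs update
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: Chrome predates the fixed build, update required")
```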