Google’s New Chrome Update—Do Not Ignore June 5 Deadline

Posted by Zak Doffman, Contributor | 1 day ago


Google has just updated Chrome again, warning that two high-severity vulnerabilities put PCs at risk. The “use after free” and “out of bounds” memory issues are typical for the browser, and while there are no attack warnings this time, these are the types of flaws often chained to other exploits to enable attacks.

Details are scarce, as Google says “access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” There are 11 fixes in total with the release of version 137.0.7151.55/56.


The new high- and medium-severity fixes are as follows:

  • High CVE-2025-5063: Use after free in Compositing.
  • High CVE-2025-5280: Out of bounds write in V8.
  • Medium CVE-2025-5064: Inappropriate implementation in Background Fetch API.
  • Medium CVE-2025-5065: Inappropriate implementation in FileSystemAccess API.
  • Medium CVE-2025-5066: Inappropriate implementation in Messages.
  • Medium CVE-2025-5281: Inappropriate implementation in BFCache.
  • Medium CVE-2025-5283: Use after free in libvpx.

Earlier this month, Google warned that Chrome had been actively exploited and issued an urgent fix for CVE-2025-4664. The company’s confirmation “that an exploit exists in the wild” followed a public disclosure on X from @slonser_ that a query parameter takeover could exploit sensitive data in a string which “might lead to an Account Takeover” if the query parameter is stolen.

Given attacks in the wild, America’s cyber defense agency issued a mandatory warning for federal staff to update or stop using browsers by June 5. While that update instruction isn’t mandatory for other users, you should follow suit and update by June 5.

This vulnerability was openly disclosed from the get-go and is now in the public domain. That leaves browsers at risk until updates are applied. CISA’s remit is “to help [all organizations] better manage vulnerabilities and keep pace with threat activity,” which is ever more critical given the threat landscape.


As Cybersecurity News warns, “the vulnerability poses significant risks, including unauthorized data leakage across web origins… Given its classification as a zero-day flaw, it was exploited before Google released the patch, heightening the urgency for mitigation.”

Remember, you need to restart your browser once the update has downloaded. As long as you have the current version, all past fixes will be applied and you will be protected.
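For anyone checking more than one machine, the version floor and the restart caveat above can be turned into a small audit. This is an added example, not code from Google or the article; the inventory rows, host names and the `installed`/`running` fields are constructed assumptions, and only the 137.0.7151.55 floor comes from the release named above.

```python
import re

# Fixed build named in the article (137.0.7151.55/56); .55 is used as the floor.
FIXED_BUILD = (137, 0, 7151, 55)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 137.0.7151.55'."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(installed, running):
    """Return 'patched', 'restart-pending', 'outdated' or 'unknown' for one host."""
    inst, run = parse_version(installed), parse_version(running)
    if inst is None:
        return "unknown"
    # Tuples compare numerically; as strings, "99.0..." would sort above "137.0...".
    if inst < FIXED_BUILD:
        return "outdated"
    # The update is on disk, but an old process keeps running until restart.
    if run is not None and run < FIXED_BUILD:
        return "restart-pending"
    # Installed build is at or above the floor and no older process was reported.
    return "patched"

# Constructed inventory rows: (host, installed version string, running version string).
# An empty running field means no browser process was reported (assumption).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 137.0.7151.56", "137.0.7151.56"),
    ("ws-02", "Google Chrome 137.0.7151.55", "136.0.7000.10"),
    ("ws-03", "Google Chrome 136.0.7000.10", "136.0.7000.10"),
    ("ws-04", "Google Chrome 99.0.1000.1", ""),
    ("ws-05", "", ""),
]

def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(inst, run) for host, inst, run in inventory}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```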


