
Severity
High
Analysis Summary
Google has confirmed a critical security flaw, CVE-2025-2476, affecting Chrome on Windows, Mac, Linux, and Android. The vulnerability, classified as a use-after-free (UAF) memory flaw in Chrome’s Lens component, allows remote attackers to execute arbitrary code through specially crafted web pages. Security researcher SungKwon Lee of Enki Whitehat discovered and reported this issue on March 5, 2025. Use-after-free vulnerabilities are highly dangerous because the program keeps using a block of memory after it has been freed; that stale access can corrupt the heap and lead to system compromise.
If exploited, this flaw could grant attackers the same privileges as the logged-in user, enabling them to install malicious programs, access or delete sensitive data, create new accounts, or take full control of affected systems. The vulnerability affects Chrome versions before 134.0.6998.117/.118 on Windows and Mac and 134.0.6998.117 on Linux. While no active exploits have been detected, Google considers this a critical threat and urges immediate updates to mitigate risks.
On March 19, 2025, Google released an urgent security patch, updating Chrome to versions 134.0.6998.117/.118 (Stable) and 134.0.6998.89 (Extended Stable). As a precautionary measure, Google is restricting detailed information about the exploit until most users update their browsers. AddressSanitizer, a tool designed to detect memory errors such as use-after-free, underscores the importance of finding and fixing such flaws in browser security.
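The following is an added illustration of the use-after-free bug class and of one defensive pattern that turns a stale reference into a detectable failure rather than heap corruption. It is example code written for this advisory, not Google's or Chromium's code, and the `Widget`, `Handle` and `Slot` types are hypothetical. The buggy path is compiled only when `RUN_BUGGY_DEMO` is defined; building with `-fsanitize=address -DRUN_BUGGY_DEMO` and calling it makes AddressSanitizer print a heap-use-after-free report at the dangling read.

```c
/* Added example (not Google's or Chromium's code): the use-after-free bug
 * class next to a generation-checked handle scheme that rejects stale
 * references instead of dereferencing freed memory. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical object of the kind a browser component might own. */
typedef struct { char name[32]; } Widget;

/* --- The bug class --------------------------------------------------------
 * A callback keeps a raw pointer to a widget that another code path frees,
 * then reads through it. Executing this is undefined behaviour, so it is
 * only compiled in on request; under -fsanitize=address AddressSanitizer
 * aborts with "heap-use-after-free" pointing at the printf below. */
#ifdef RUN_BUGGY_DEMO
void buggy_use_after_free(void) {
    Widget *w = malloc(sizeof *w);
    strcpy(w->name, "overlay");
    free(w);                       /* owner tears the widget down */
    printf("%s\n", w->name);       /* dangling pointer is read: UAF */
}
#endif

/* --- Defensive pattern: generation-checked handles ------------------------
 * Other components hold a (slot, generation) handle instead of a pointer.
 * Freeing a slot bumps its generation, so every handle issued earlier stops
 * matching and lookups return NULL. This is a simplified stand-in for
 * weak-reference schemes (Chromium uses WeakPtr); it is not Chromium's code. */
#define MAX_SLOTS 8

typedef struct { uint32_t slot; uint32_t generation; } Handle;
typedef struct { Widget *obj; uint32_t generation; } Slot;

static Slot g_slots[MAX_SLOTS];   /* generation starts at 0 for every slot */

/* Allocate a widget and hand back a handle; slot == UINT32_MAX on failure. */
Handle widget_create(const char *name) {
    for (uint32_t i = 0; i < MAX_SLOTS; i++) {
        if (g_slots[i].obj == NULL) {
            Widget *w = calloc(1, sizeof *w);   /* zeroed, so name is terminated */
            if (w == NULL) break;
            strncpy(w->name, name, sizeof w->name - 1);
            g_slots[i].obj = w;
            return (Handle){ i, g_slots[i].generation };
        }
    }
    return (Handle){ UINT32_MAX, 0 };
}

/* Resolve a handle; NULL means the widget is gone or the handle is stale. */
Widget *widget_lookup(Handle h) {
    if (h.slot >= MAX_SLOTS) return NULL;
    Slot *s = &g_slots[h.slot];
    if (s->obj == NULL || s->generation != h.generation) return NULL;
    return s->obj;
}

/* Free the widget and bump the generation so outstanding handles go stale. */
void widget_destroy(Handle h) {
    Widget *w = widget_lookup(h);
    if (w == NULL) return;                  /* double-destroy is harmless */
    free(w);
    g_slots[h.slot].obj = NULL;
    g_slots[h.slot].generation++;
}

/* The "callback runs after teardown" scenario, made safe: 1 if the stale
 * handle is rejected, 0 if it still resolved. */
int stale_handle_is_rejected(void) {
    Handle h = widget_create("overlay");
    widget_destroy(h);                      /* owner tears it down */
    return widget_lookup(h) == NULL;        /* late user gets NULL, not a UAF */
}

/* Slot reuse must not revive an old handle: the new object lives in the same
 * slot but under a newer generation. Returns 1 when the scheme holds. */
int slot_reuse_does_not_revive_old_handle(void) {
    Handle old = widget_create("first");
    widget_destroy(old);
    Handle fresh = widget_create("second");  /* reuses the freed slot */
    int ok = fresh.slot == old.slot
          && widget_lookup(old) == NULL
          && widget_lookup(fresh) != NULL
          && strcmp(widget_lookup(fresh)->name, "second") == 0;
    widget_destroy(fresh);
    return ok;
}

int main(void) {
    printf("stale handle rejected: %d\n", stale_handle_is_rejected());
    printf("slot reuse safe:       %d\n", slot_reuse_does_not_revive_old_handle());
    return 0;
}
```

The generation counter is what makes the difference: a plain NULL-after-free fix only protects the one pointer variable that was nulled, whereas a generation check invalidates every copy of the reference held anywhere in the program.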
To protect against this threat, users must update Chrome by navigating to Help > About Google Chrome, allowing the update to install, and restarting the browser. While automatic updates will roll out gradually, users should manually verify their version to ensure they are on the latest patch. Given the severity of this vulnerability, delaying the update could expose systems to potential exploitation.
Impact
- Code Execution
Indicators of Compromise
CVE
CVE-2025-2476
Affected Vendors
- Google
Affected Products
- Google Chrome - 134.0 (versions before 134.0.6998.117/.118)
Remediation
- Upgrade to the latest version of Chrome (134.0.6998.117 or 134.0.6998.118 or later), available from the Google website.
- Open Chrome and click the three-dot menu in the top-right corner.
- Navigate to Help > About Google Chrome.
- Allow Chrome to check for updates and install the latest version.
- Restart Chrome to complete the update process.
- Ensure you are running version 134.0.6998.117/.118 (Windows & Mac) or 134.0.6998.117 (Linux).
- Ensure Chrome’s automatic updates are turned on for timely security patches.
- Avoid clicking on suspicious links or visiting untrusted websites.
- Be cautious when downloading files from unknown sources.
- Keep your operating system and security software up to date.
- Use a least-privilege approach: avoid running Chrome with administrative privileges unless necessary.
- Regularly monitor and scan for any suspicious system activity.
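For the version check in the remediation steps above, here is an added helper (example code, not Google's tooling) that compares an installed Chrome version string against the first fixed builds this advisory names. It accepts the raw output of `google-chrome --version` or the string shown on chrome://version, and takes the release channel as a parameter because the advisory lists different fixed builds for Stable (134.0.6998.117/.118) and Extended Stable (134.0.6998.89); a naive "below .117" rule would wrongly flag a patched Extended Stable install. The `chrome_is_patched` function and the channel names are assumptions of this example.

```c
/* Added example (not Google's tooling): check an installed Chrome version
 * against the fixed builds named in the CVE-2025-2476 advisory. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>

enum { VERSION_PARTS = 4 };

/* Parse "134.0.6998.117", optionally prefixed with text such as
 * "Google Chrome ", into four integers. Returns 1 on success, 0 on failure. */
int parse_chrome_version(const char *text, int out[VERSION_PARTS]) {
    while (*text && !isdigit((unsigned char)*text)) text++;   /* skip prefix */
    for (int i = 0; i < VERSION_PARTS; i++) {
        char *end;
        long v = strtol(text, &end, 10);
        if (end == text || v < 0) return 0;      /* no digits where expected */
        out[i] = (int)v;
        text = end;
        if (i < VERSION_PARTS - 1) {
            if (*text != '.') return 0;          /* need a dot between parts */
            text++;
        }
    }
    return 1;   /* trailing text (e.g. " (Official Build)") is ignored */
}

/* Component-wise comparison of two parsed versions: <0, 0 or >0. */
int compare_versions(const int a[VERSION_PARTS], const int b[VERSION_PARTS]) {
    for (int i = 0; i < VERSION_PARTS; i++)
        if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* First fixed build per channel, as stated in the advisory. Windows and Mac
 * shipped .117/.118 and Linux .117, so .117 is the Stable minimum on every
 * platform; Extended Stable was fixed at .89. */
const char *minimum_fixed_version(const char *channel) {
    if (strcmp(channel, "extended") == 0) return "134.0.6998.89";
    return "134.0.6998.117";
}

/* 1 = at or above the fixed build, 0 = affected, -1 = version not parseable. */
int chrome_is_patched(const char *installed, const char *channel) {
    int have[VERSION_PARTS], need[VERSION_PARTS];
    if (!parse_chrome_version(installed, have)) return -1;
    parse_chrome_version(minimum_fixed_version(channel), need);
    return compare_versions(have, need) >= 0;
}

/* Usage: ./chromecheck "$(google-chrome --version)" [stable|extended] */
int main(int argc, char **argv) {
    const char *version = argc > 1 ? argv[1] : "Google Chrome 134.0.6998.117";
    const char *channel = argc > 2 ? argv[2] : "stable";
    int r = chrome_is_patched(version, channel);
    if (r < 0) {
        fprintf(stderr, "could not parse version: %s\n", version);
        return 2;
    }
    printf("%s (%s): %s\n", version, channel,
           r ? "patched" : "AFFECTED by CVE-2025-2476, update now");
    return r ? 0 : 1;
}
```

The exit code (0 patched, 1 affected, 2 unparseable) makes the check easy to drop into a fleet inventory script; on Windows the version string can be read from the About Google Chrome page or the browser's chrome://version page and passed the same way.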