Google

Google confirmed a critical security flaw in Chrome affecting billions of users across multiple platforms. Tracked as CVE-2025-2476, it is a use-after-free memory vulnerability in the Chrome Lens component that allows arbitrary code execution via crafted web pages. The issue, reported by SungKwon Lee, threatens user data and system control and prompted an urgent update. Pre-update versions of Chrome on Windows, Mac, Linux, and Android are susceptible to heap corruption and potential system compromise. Users with privileges are at risk of unauthorized program installation, data access, and system control. Google addressed the vulnerability with updates in March 2025 and advised users to act immediately to secure their systems.

Source: https://cybersecuritynews.com/chrome-vulnerability-allows-arbitrary-code/

TPRM report: https://scoringcyber.rankiteo.com/company/google

"id": "goo252032425",
"linkid": "google",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Billions',
                        'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Google',
                        'type': 'Company'}],
 'attack_vector': 'Crafted web pages',
 'customer_advisories': 'Advised immediate user action to secure systems',
 'date_resolved': 'March 2025',
 'description': 'A critical memory vulnerability in the Chrome Lens component '
                'allows execution of arbitrary code via crafted web pages. '
                'This use-after-free issue poses a threat to user data and '
                'system control, prompting an urgent update. Pre-update '
                'versions of Chrome on Windows, Mac, Linux, and Android are '
                'susceptible to heap corruption and potential system '
                'compromise. Users with privileges are at risk of unauthorized '
                'program installation, data access, and system control.',
 'impact': {'systems_affected': ['Windows', 'Mac', 'Linux', 'Android']},
 'motivation': 'Unauthorized program installation, data access, and system '
               'control',
 'recommendations': 'Immediate update to secure systems',
 'response': {'communication_strategy': 'Public advisory to update Chrome',
              'remediation_measures': 'Urgent update to Chrome'},
 'title': 'Critical Security Flaw in Chrome (CVE-2025-2476)',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-2476'}