The Chrome team has announced the promotion of Chrome 141 to the Stable Channel for Windows, Mac, and Linux. The release—version 141.0.7390.54 for Linux and 141.0.7390.54/55 for Windows and Mac—delivers 21 fixes, including patches for two high-severity that could have led to memory corruption and potential code execution.
The most significant addressed in this update is CVE-2025-11205, a heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG, this earned a $25,000 reward—the largest payout in this update. The Chrome team explained that heap buffer overflows can lead to out-of-bounds memory access, potentially allowing attackers to execute arbitrary code or trigger browser crashes. Given WebGPU’s role in modern web rendering and graphics acceleration, this posed a serious risk to both performance and security in everyday browsing.
Another critical fix, CVE-2025-11206, addresses a heap buffer overflow in the Video component. Reported by security researcher Elias Hohl, this was awarded $4,000. While less severe than the WebGPU flaw, this issue could still be exploited to manipulate memory during video playback, leading to crashes or potentially allowing malicious actors to execute harmful payloads. Considering Chrome’s extensive use of embedded video in websites and web applications, the risk profile for this vulnerability was also high.
In addition to the two high-severity patches, the update also resolved a range of medium- and low-severity :
- CVE-2025-11207: Side-channel information leakage in Storage.
- CVE-2025-11208: Inappropriate implementation in Media.
- CVE-2025-11209: Inappropriate implementation in Omnibox.
- CVE-2025-11210: Side-channel information leakage in Tab.
- CVE-2025-11211: Out-of-bounds read in Media.
- CVE-2025-11212: Inappropriate implementation in Media.
- CVE-2025-11213: Inappropriate implementation in Omnibox.
- CVE-2025-11215: Off-by-one error in V8.
- CVE-2025-11216: Inappropriate implementation in Storage.
- CVE-2025-11219: Use-after-free in V8.
Users on Windows, Mac, and Linux are strongly encouraged to update to Chrome 141 immediately to protect against potential exploitation.
- Chrome Releases Stable Channel Update Addressing High Security Vulnerabilities
- Linux Kernel Vulnerability Exposes Local Systems to Privilege Escalation, PoC Published
- Meta Updates AI Chatbot Guidelines to Block Harmful Interactions with Children
- Firefox 141 Arrives: AI Tab Grouping, Linux Memory Boosts, and WebGPU on Windows
- One Click Could Compromise Microsoft Edge
