Is the browser control affected by these CVE's, and is so, when can we expect an update?
---
Google Chrome versions prior to 134.0.6998.88 (Linux), 134.0.6998.88/.89 (Windows) and 134.0.6998.88/.89 (Mac)
---
Several vulnerabilities have been fixed in the Google Chrome browser. They allow an unauthenticated remote attacker:to execute arbitrary code,to cause a denial of service,to illegally take knowledge of potentially sensitive data,to compromise data integrity.Note: Google signals they are aware of an exploit for CVE-2025-24201. However, Cert-IST is not aware of any public exploit code.
---
These vulnerabilities are due to:CVE-2025-1920, CVE-2025-2135: type confusion issues in V8 leading to heap memory corruption. They allow an unauthenticated remote attacker, by tricking the user into opening a specially crafted HTML page, to cause a denial of service or execute arbitrary code. CVE-2025-2136: a use-after-free issue in Chromium's developer tools leading to heap memory corruption. It allows an unauthenticated remote attacker, by tricking the user into opening a specially crafted HTML page, to cause a denial of service or execute arbitrary code. CVE-2025-2137: an out-of-bounds read issue in V8. It allows an unauthenticated remote attacker, by tricking the user into opening a specially crafted HTML page, to compromise data confidentiality or cause a denial of service. CVE-2025-24201: an undetailed out-of-bounds write issue in the GPU. It allows an unauthenticated remote attacker to compromise data integrity or cause a denial of service.
---

---

-: I also have a udp joke, but you might not get it :-