Chrome Flaws Let Hackers Run Malicious Code Remotely
Google released a critical security update for its Chrome browser on May 21, patching eight vulnerabilities—including a high-severity flaw that could enable remote code execution. The most pressing issue, tracked as CVE-2025-5063, is a “use-after-free” vulnerability in Chrome’s Compositing system, which could allow attackers to run malicious code by luring users to compromised websites.
The update, issued as an early stable release for Windows and Mac, brings Chrome to version 137.0.7151.40/.41. Google said access to technical details is restricted until most users install the patch, signaling concern over potential exploitation in the wild.
Other flaws addressed include medium-severity bugs in the Background Fetch, FileSystemAccess, and Messages components, as well as a low-severity issue in the Tab Strip UI. Security researchers reporting these flaws received bounties ranging from $500 to $4,000.
Users are urged to update Chrome immediately and enable automatic updates to protect against evolving threats.
