![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
![Ditching a Microsoft Job to Enter Startup Hell with Lonewolf Engineer Sam Crombie [Podcast #171]](https://cdn.hashnode.com/res/hashnode/image/upload/v1746753508177/0cd57f66-fdb0-4972-b285-1443a7db39fc.png?#)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
-Nintendo-Switch-2-Hands-On-Preview-Mario-Kart-World-Impressions-&-More!-00-10-30.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
-xl.jpg)
![New iPad 11 (A16) On Sale for Just $277.78! [Lowest Price Ever]](https://www.iclarified.com/images/news/97273/97273/97273-640.jpg)
![Apple Foldable iPhone to Feature New Display Tech, 19% Thinner Panel [Rumor]](https://www.iclarified.com/images/news/97271/97271/97271-640.jpg)
![[Weekly funding roundup May 3-9] VC inflow into Indian startups touches new high](https://images.yourstory.com/cs/2/220356402d6d11e9aa979329348d4c3e/WeeklyFundingRoundupNewLogo1-1739546168054.jpg)
Chrome Security Patch Addresses WebAudio Vulnerability Allowing Code Execution
Google has released a critical security update for Chrome, addressing a vulnerability that could allow attackers to execute malicious code through the browser’s WebAudio component. According to an announcement published on Tuesday, May 6, 2025, the stable channel has been updated to version 136.0.7103.92/.93 for Windows and Mac systems and 136.0.7103.92 for Linux platforms. Use-After-Free in WebAudio […] The post Chrome Security Patch Addresses WebAudio Vulnerability Allowing Code Execution appeared first on Cyber Security News.
Google has released a critical security update for Chrome, addressing a vulnerability that could allow attackers to execute malicious code through the browser’s WebAudio component.
According to an announcement published on Tuesday, May 6, 2025, the stable channel has been updated to version 136.0.7103.92/.93 for Windows and Mac systems and 136.0.7103.92 for Linux platforms.
Use-After-Free in WebAudio
The primary security fix addresses CVE-2025-4372, a Use-After-Free (UAF) vulnerability in Chrome’s WebAudio API. This flaw potentially enables remote attackers to exploit heap corruption through specially designed HTML pages.
Huang Xilin of Ant Group Light-Year Security Lab discovered and reported the vulnerability on April 20, 2025, earning a $7,000 bounty as part of Google’s vulnerability rewards program.
“Use-after-free is a memory corruption vulnerability that occurs when a program continues to use memory after it has been freed,” explains security researcher Michael Wilson, who contributed to the fix.
“In this case, the MediaStreamAudioDestinationNode wasn’t properly managed, allowing potential attackers to manipulate freed memory addresses to execute arbitrary code.”
Though Google officially categorized the vulnerability as “Medium” severity, several security vendors, including Tenable, have rated it as “Critical” with a CVSS base score of 9.8, indicating the potential for significant exploitation.
The vulnerability has received an exceptionally high rating because it requires no user privileges and minimal user interaction to exploit.
Risk Factors Details Affected Products Google Chrome versions prior to 136.0.7103.92 Impact Remote attackers can exploit heap corruption to execute malicious code Exploit Prerequisites User interaction (visiting a malicious webpage with crafted HTML) CVSS 3.1 Score Medium
The fix involved making MediaStreamAudioDestinationNode an ActiveScriptWrappable component, preventing the premature destruction of audio nodes while active scripts still use them.
This implementation addresses the root cause of the memory corruption vulnerability.
This isn’t the first time Chrome’s WebAudio component has been targeted. Similar vulnerabilities, including CVE-2023-6345 and CVE-2024-0224, were discovered in previous versions, highlighting the consistent security challenges posed by complex audio processing in web browsers.
Google’s security team emphasized that many of their security bugs are detected using specialized tools, including AddressSanitizer (ASan), MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.
AddressSanitizer is particularly effective at identifying memory errors like use-after-free conditions, though it can make applications 2-4 times slower during testing.
The update includes various security improvements from internal audits, fuzzing, and other initiatives, in addition to the WebAudio vulnerability fix.
The update will roll out automatically to users over the coming days and weeks. However, security experts recommend manually updating immediately by navigating to Chrome’s settings (chrome://settings/help) to check for and install the latest version.
Tax Scams Are Getting Smarter – Check Malicious Domains With Domain Research Suite
The post Chrome Security Patch Addresses WebAudio Vulnerability Allowing Code Execution appeared first on Cyber Security News.
