Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN405
_____________________________________________________________________

DATE                : 27/06/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Google Chrome version prior to
                             138.0.7204.49/50.

=====================================================================
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html
_____________________________________________________________________

Stable Channel Update for Desktop
Tuesday, June 24, 2025

The Chrome team is delighted to announce the promotion of Chrome 138
to the stable channel for Windows, Mac and Linux. This will roll out
over the coming days/weeks.

Chrome 138.0.7204.49 (Linux)  138.0.7204.49/50 Windows and Mac
contains a number of fixes and improvements -- a list of changes
is available in the log. Watch out for upcoming Chrome and
Chromium blog posts about new features and big efforts delivered
in 138.

Extended stable channel has also been updated to 138.0.7204.50
for Win/Mac


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until
a majority of users are updated with a fix. We will also retain
restrictions if the bug exists in a third party library that other
projects similarly depend on, but haven’t yet fixed


This update includes 11 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.


[$4000][407328533] Medium CVE-2025-6555: Use after free in
Animation. Reported by Lyra Rebane (rebane2001) on 2025-03-30

[$1000][40062462] Low CVE-2025-6556: Insufficient policy
enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02

[$1000][406631048] Low CVE-2025-6557: Insufficient data
validation in DevTools. Reported by Ameen Basha M K on 2025-03-27


We would also like to thank all security researchers that
worked with us during the development cycle to prevent
security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible
for a wide range of fixes:

[427296461] Various fixes from internal audits, fuzzing and
other initiatives


Many of our security bugs are detected using AddressSanitizer,
MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow
Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here.
If you find a new issue, please let us know by filing a bug.
The community help forum is also a great place to reach out
for help or learn about common issues.

Srinivas Sista

Google Chrome

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================