1.0 Introduction
Google recently released a Long-Term Support (LTS) Channel Update to address multiple high-severity vulnerabilities in the ChromeOS.
2.0 Impact
These vulnerabilities could potentially be exploited by attackers to achieve arbitrary code execution, data corruption, application crashes or compromise user data.
3.0 Affected Products
- CVE-2025-11756 : Use after free in Safe Browsing
- CVE-2025-11460 : Use after free in Storage
- CVE-2025-12036 : Inappropriate implementation in V8
- CVE-2025-8879 : Heap buffer overflow in libaom
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review Google Chrome’s releases for more information and apply the necessary updates. Users are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly.
Users may refer the following URL for more information about the update: https://chromereleases.googleblog.com/2025/11/long-term-support-channel-update-for.html
Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact the Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web:
https://www.cybersecurity.my/
5.0 References
- https://chromereleases.googleblog.com/
- https://chromereleases.googleblog.com/2025/11/long-term-support-channel-update-for.html
- https://www.cve.org/CVERecord?id=CVE-2025-11756
- https://www.cve.org/CVERecord?id=CVE-2025-11460
- https://www.cve.org/CVERecord?id=CVE-2025-12036
- https://www.cve.org/CVERecord?id=CVE-2025-8879