Chrome Patches Actively Exploited V8 RCE, Chrome 143 Adds Hardening, React2Shell Brings Unauthenticated RCE to React Servers

This newsletter is AI generated and may hallucinate sometimes 😊

Google Chrome 143 Bolsters Privacy and WebAssembly Security

  • Chrome 143 brings a set of privacy and hardening changes: the roundup highlights tighter controls over cross-site tracking and cookie handling, sandbox improvements, and WebAssembly hardening intended to make memory-corruption bugs in Wasm code harder to turn into code execution.
  • The user-facing focus is on limiting what sites can store and correlate about a visitor, through stricter cookie policies and improved tracking prevention in the browser.
  • Developers shipping WebAssembly should review the updated security guidance and retest their modules under Chrome 143, since tighter enforcement can break code that relied on lax behaviour as well as blocking exploit techniques.

Source: CybersecurityNews | Date: December 08, 2025

React2Shell: Unauthenticated RCE in React Server Components

  • React2Shell is the name given to a critical remote code execution flaw in React Server Components, the server-side rendering and server-function layer used by React 19 and by frameworks built on it such as Next.js. It is a single server-side bug, not a chain of client-side issues: a crafted HTTP request to an endpoint that handles Server Component traffic is enough to run attacker-controlled code on the server, with no authentication, no victim interaction and no prior XSS or prototype-pollution foothold.
  • Because the vulnerable code runs on the server, browser-side controls (CSP, output encoding, XSS filters) do not mitigate it, and generic input sanitization is not a fix. The remediation is upgrading to the patched React packages, or to the framework release that bundles them, and redeploying every server that renders Server Components, including preview and staging instances reachable from the internet.
  • Exploitation attempts followed disclosure within days, so teams should treat exposed, unpatched instances as potentially compromised: review request logs for unusual POST traffic to Server Component routes, look for unexpected child processes spawned by the Node.js server process, and rotate secrets available to that process if compromise cannot be ruled out.

Source: The Cyber Throne | Date: December 07, 2025

CISA Adds Actively Exploited Chrome V8 Type Confusion (CVE-2024-5274) to KEV Catalog

  • CISA has added CVE-2024-5274, a high-severity type confusion flaw in V8, the Chromium JavaScript and WebAssembly engine, to its Known Exploited Vulnerabilities (KEV) Catalog. Google's stable-channel update that fixed it (Chrome 125.0.6422.112) stated that an exploit for the bug existed in the wild, which is the criterion for a KEV listing.
  • A type confusion in V8 lets a crafted HTML page make the engine treat one object as another, which typically yields an out-of-bounds read or write and from there arbitrary code execution inside the renderer process; the victim only has to visit, or be redirected to, a malicious page. A renderer compromise is still confined by Chrome's sandbox, so in-the-wild exploitation is normally paired with a second bug to escape it.
  • Some reports pair this KEV addition with CVE-2024-5184 and describe the Chrome flaw as a heap buffer overflow. CVE-2024-5184 is not a Chromium identifier and the Chrome bug is a V8 type confusion, so asset owners should track remediation against CVE-2024-5274. All users of Chrome and Chromium-based browsers should update to 125.0.6422.112 or later and relaunch; KEV entries carry a federal remediation due date, and other organizations commonly adopt the same window.

Source: Security Affairs | Date: December 06, 2025
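A practitioner reading a KEV addition wants two checks: is the CVE listed against my product, and is my installed build at or past the version that carries the fix. The Python below is an added example written for this item; it is not code from CISA, Google or the cited articles. The KEV excerpt is constructed to mirror the field names of CISA's known_exploited_vulnerabilities.json feed (a second, clearly placeholder entry is included only to exercise the vendor filter), the fixed version 125.0.6422.112 for CVE-2024-5274 is the stable build named in Google's advisory and should be confirmed there before the map is relied on, and the `today` argument stands in for the current date so the run is deterministic. Versions are compared field by field, because a plain string comparison puts "125.0.6422.9" after "125.0.6422.112".

```python
"""Assess an installed Chrome build against CISA KEV entries for Chromium.

Added example for this newsletter item, not CISA's, Google's or the cited
articles' code. KEV_SAMPLE is a constructed excerpt in the shape of CISA's
known_exploited_vulnerabilities.json; FIXED_IN is an assumed mapping that
must be confirmed against the vendor advisory.
"""
import json
import re
from datetime import date

# Constructed sample in the shape of the real feed, which is fetched from
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-5274",
            "vendorProject": "Google",
            "product": "Chromium V8",
            "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
            "dateAdded": "2024-05-28",
            "dueDate": "2024-06-18",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {   # placeholder entry, not a real CVE; present only to exercise filtering
            "cveID": "CVE-2024-0000",
            "vendorProject": "ExampleCorp",
            "product": "Widget",
            "vulnerabilityName": "ExampleCorp Widget Placeholder Vulnerability",
            "dateAdded": "2024-05-28",
            "dueDate": "2024-06-18",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Assumed: minimum Chrome build containing the fix (confirm against Google's advisory).
FIXED_IN = {"CVE-2024-5274": "125.0.6422.112"}

VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+\.\d+)\b")


def version_from_banner(banner: str) -> str:
    """Extract the build from `google-chrome --version` output,
    e.g. 'Google Chrome 125.0.6422.60' or 'Chromium 125.0.6422.112 snap'."""
    match = VERSION_RE.search(banner)
    if not match:
        raise ValueError(f"no Chrome version in {banner!r}")
    return match.group(1)


def parse_version(version: str) -> tuple[int, ...]:
    """'125.0.6422.112' -> (125, 0, 6422, 112); rejects garbage instead of guessing."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, fixed: str) -> bool:
    """Numeric, field-by-field comparison; string comparison would be wrong."""
    return parse_version(installed) >= parse_version(fixed)


def chromium_kev_entries(feed_json: str) -> list[dict]:
    """Keep only Google/Chromium entries; KEV lists the V8 bugs under product 'Chromium V8'."""
    feed = json.loads(feed_json)
    return [v for v in feed["vulnerabilities"]
            if v["vendorProject"] == "Google" and v["product"].startswith("Chromium")]


def assess(installed: str, feed_json: str, fixed_in: dict, today: date) -> dict:
    """Map each Chromium KEV CVE to 'patched', 'exposed', 'overdue' or 'unknown-fix'.

    'overdue' means the build is still vulnerable and the KEV due date has passed.
    """
    result = {}
    for entry in chromium_kev_entries(feed_json):
        cve = entry["cveID"]
        fixed = fixed_in.get(cve)
        if fixed is None:
            result[cve] = "unknown-fix"
        elif is_patched(installed, fixed):
            result[cve] = "patched"
        elif today > date.fromisoformat(entry["dueDate"]):
            result[cve] = "overdue"
        else:
            result[cve] = "exposed"
    return result


if __name__ == "__main__":
    installed = version_from_banner("Google Chrome 125.0.6422.60")  # constructed banner
    for cve, status in assess(installed, KEV_SAMPLE, FIXED_IN, date(2024, 6, 20)).items():
        print(f"{cve}: {status} (installed {installed}, fixed in {FIXED_IN.get(cve, '?')})")
```

In a fleet check the banner would come from each host (`google-chrome --version`, or the browser's own `chrome://version`) and the feed from the live KEV URL; the assessment logic stays the same, and the "overdue" state is what you would page on.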

References

  1. Cybersecurity News Weekly Newsletter – 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities, and Cloudflare Outage - CybersecurityNews
  2. React2Shell: The Silent Server Takeover – Exploit Chains and Threat Actor Onslaught - The Cyber Throne
  3. Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold - Help Net Security
  4. Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION - Security Affairs
  5. SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74 - Security Affairs
  6. CVE-2024-5184 - NVD
  7. CVE-2024-5274 - NVD
