Google quickly fixing vulnerabilities in Chrome browser
Breaking News: Urgent Chrome Update Addresses High-Risk Vulnerabilities
Google has released an emergency update for its Chrome browser, addressing six vulnerabilities, three of which are rated as high risk. The update, available in versions 138.0.7204.183/.184 for Windows, Mac, and Linux, and version 139.0.7258.138/.139 on the stable channel, was released on August 19, 2025.
The update resolves a critical out-of-bounds write vulnerability in the V8 JavaScript engine (CVE-2025-9132). This flaw, discovered by Google's Big Sleep AI tool on August 4, 2025, allows an attacker to write outside the allocated memory boundaries, potentially enabling arbitrary code execution remotely with user privileges.
Another notable vulnerability fixed is a use-after-free bug in the Media Stream component (CVE-2025-8292). This flaw could lead to memory corruption, causing browser crashes or the execution of malicious code, thereby enabling unauthorized access and possibly the installation of malware or privilege escalation.
The update also addresses vulnerabilities related to buffer overflow and process race conditions, although the specific components beyond the V8 and Media Stream bugs are not explicitly listed in the sources.
Google intentionally withholds details about the bugs until most users have updated to prevent potential misuse by criminals. It is, therefore, advisable not to wait for automatic installation of the update.
The found errors have not yet been exploited by hackers, but the duration of this remains uncertain. Given their severity—including remote code execution risks—prompt patching is critical.
The update is crucial for the 3.5 billion Chrome users, as these vulnerabilities provide an attacker with the opportunity to launch an attack through a fake HTML page. It is worth noting that Google has released an emergency patch for a critical error two weeks before the latest update, and patched eight other bugs just a week ago.
Users and organizations are strongly urged to update immediately via Chrome’s built-in updater to mitigate risks of arbitrary code execution, data compromise, or privilege escalation resulting from these vulnerabilities. The update reflects Google's use of advanced AI-powered tools for proactive detection and mitigation of memory corruption issues in Chrome.
- This emergency update for Chrome addresses high-risk vulnerabilities in cybersecurity, where a critical out-of-bounds write vulnerability in the V8 JavaScript engine has been resolved, potentially enabling arbitrary code execution remotely with user privileges.
- The update is essential in light of technology advancements, as the vulnerabilities fixed could lead to an attacker launching an attack through a fake HTML page, possibly resulting in data compromise, arbitrary code execution, or privilege escalation.
