Google has issued an urgent security update for its Chrome browser, patching several vulnerabilities, including a high-severity vulnerability that could allow attackers to manipulate memory and execute arbitrary code on a user's system.
The latest version, Chrome 138.0.7204.183 for Linux and 138.0.7204.183/.184 for Windows and Mac, addresses these significant security issues, and users are strongly advised to update their browsers immediately.
The most significant vulnerability fixed in this update is identified as CVE-2025-8292, a "use-after-free" vulnerability discovered in Chrome's Media Stream component.
Use-After-Free Vulnerability Allows Code Execution
This type of memory corruption vulnerability is particularly dangerous because a remote attacker can exploit it through a specially crafted HTML page.
If successful, an attacker could potentially crash the browser or execute malicious code, gaining unauthorized access to the affected system. This could lead to the installation of programs, theft or alteration of data, or the creation of new user accounts with full privileges.
An anonymous security researcher reported the CVE-2025-8292 vulnerability to Google on June 19, 2025, and was awarded $8,000 for their discovery through the Chrome Vulnerability Reward Program.
Google has restricted access to the full details of the bug to allow a majority of users time to apply the patch, a standard practice to prevent active exploitation.
This update is part of a series of security patches for Chrome version 138. Earlier in July, Google addressed other high-severity vulnerabilities, including a zero-day exploit known as CVE-2025-6558, which was actively being used in attacks.
That vulnerability, an issue of incorrect input validation in the ANGLE and GPU components, also posed a significant risk of sandbox escape.
Throughout June and July, Chrome 138 has received multiple updates to fix various security holes, including type confusion in the V8 JavaScript engine and other memory-related bugs.
Google's security teams continuously work to uncover and resolve vulnerabilities through internal audits, fuzzing, and other security initiatives. The company relies on various tools like AddressSanitizer and MemorySanitizer to detect memory-related errors before they can be exploited.
The rollout of the latest Chrome version will continue over the coming days and weeks. Users can ensure their browser is updated by navigating to "Help" and then "About Google Chrome" in their browser menu.
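For administrators who need to confirm the rollout across many machines rather than one browser menu at a time, the following added example (not from Google or the original article) classifies collected Chrome version strings against the fixed build 138.0.7204.183 named above. The host names and the inventory are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed build named in the article; the .184 Windows/Mac build also satisfies it.
FIXED = (138, 0, 7204, 183)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from free text (e.g. '--version' output), or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text, fixed=FIXED):
    """Return 'patched', 'needs-update', or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        # Missing or malformed data is reported separately, never assumed safe.
        return "unknown"
    # Tuples of ints compare numerically, part by part. Comparing the raw
    # strings would wrongly rank '...7204.99' above '...7204.183'.
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Group hosts by patch status. inventory: iterable of (host, version_text)."""
    report = {"patched": [], "needs-update": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts, illustrative versions).
SAMPLE = [
    ("lin-build-01", "Google Chrome 138.0.7204.183 "),
    ("win-fin-07", "138.0.7204.184"),
    ("win-hr-02", "138.0.7204.99"),
    ("lin-kiosk-04", "137.9.9999.999"),
    ("win-lab-09", "139.0.0.1"),
    ("mac-old-11", ""),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group need a fresh inventory pull before they can be counted as updated.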