Google has released a critical update for its Chrome browser that fixes several severe vulnerabilities, including one that could allow attackers to manipulate memory and execute arbitrary code on users’ systems. The latest version, Chrome 138.0.7204.183 for Linux and 138.0.7204.183/.184 for Windows and Mac, addresses these urgent security issues and all users are advised to update their browser immediately.
Update your browser right now
The most significant vulnerability in this update is CVE-2025-8292, a ‘use-after-free’ type flaw found in the Media Stream component of Chrome. This type of memory corruption vulnerability is particularly dangerous, as a remote attacker can exploit it through a malicious HTML page. If successful, the attacker could crash the browser or execute malicious code, which could result in the installation of unauthorized programs, theft or alteration of data, or the creation of new user accounts with full privileges.
The anonymous security researcher who discovered the vulnerability CVE-2025-8292 reported it to Google on June 19, 2025, and received a reward of $8,000 through the Chrome Vulnerability Reward Program. Google has restricted access to the full details of the bug to allow most users to apply the patch, a standard practice to prevent the active exploitation of vulnerabilities.
This update is part of a series of security patches for Chrome 138. Previously, in July, Google addressed other serious vulnerabilities, including CVE-2025-6558, a zero-day exploit that was actively being used in attacks. Throughout June and July, Chrome 138 has received multiple updates to fix various security flaws, including type confusion in the V8 JavaScript engine and other memory-related errors.
Google’s security teams are constantly working to discover and resolve vulnerabilities through internal audits and other security initiatives. Users can ensure that their browser is up to date by going to “Help” and then “About Google Chrome” in the browser menu.
