July 30, 2025
Severity
High
Analysis Summary
Google has released an urgent security update for its Chrome browser, addressing multiple vulnerabilities, including a high-severity flaw tracked as CVE-2025-8292, which could allow attackers to manipulate memory and execute arbitrary code on users' systems. This flaw, a use-after-free vulnerability in the Media Stream component, lets attackers use memory after it has been freed, potentially leading to browser crashes or malicious code execution. Google strongly advises all users to update to Chrome version 138.0.7204.183 for Linux and 138.0.7204.183/.184 for Windows and Mac to protect against this and other security threats.
An anonymous security researcher responsibly disclosed CVE-2025-8292 to Google on June 19, 2025, and received an $8,000 bounty through Google's Chrome Vulnerability Reward Program. The vulnerability can be triggered via specially crafted HTML pages, posing a serious threat as it could grant attackers unauthorized access, allowing them to install programs, modify or steal data, or even create accounts with full administrative privileges. To prevent exploitation, Google has limited public access to technical details until most users apply the patch.
This latest patch is part of a broader security initiative by Google to address serious flaws in Chrome 138, which has undergone multiple updates throughout June and July 2025. Previously fixed vulnerabilities include CVE-2025-6558, a zero-day flaw involving improper input validation in the ANGLE and GPU components, which could allow sandbox escape and a dangerous escalation in attack severity. Other addressed issues involved type confusion in the V8 JavaScript engine and various other memory-related bugs that posed similar execution and stability risks.
Google continues to prioritize browser security through internal code audits, bug bounty programs, and advanced detection tools like AddressSanitizer and MemorySanitizer, which help catch memory errors before they’re weaponized. The update is rolling out gradually, and users are encouraged to manually verify their browser version by going to Help > About Google Chrome to ensure they are protected against these recently patched vulnerabilities.
Impact
- Sensitive Data Theft
- Code Execution
- Gain Access
Indicators of Compromise
CVE
- CVE-2025-8292
- CVE-2025-6558
Affected Vendors
- Google
Affected Products
- Google Chrome - 138.0
Remediation
- Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.
- Navigate to “Help” > “About Google Chrome” to manually check and apply updates.
- Avoid visiting suspicious or untrusted websites until your browser is fully updated.
- Enable automatic updates in Chrome to ensure future patches are applied promptly.
- Consider running Chrome with reduced privileges or sandboxing tools in high-risk environments.
- Regularly back up important data to minimize damage in case of exploitation.
- Keep your operating system and other installed applications fully patched.
- Use reputable endpoint protection software to detect and block exploit attempts.
- Stay informed about new security advisories from Google’s official security blog or trusted cybersecurity sources.