Google has released an emergency security update for Chrome to fix a critical use-after-free vulnerability (CVE-2025-9478) discovered in the ANGLE graphics library. The flaw, rated with the highest CVSS severity score, was identified by Google’s AI-powered Big Sleep research team on August 11, 2025. It affects Chrome versions prior to 139.0.7258.154/.155 across Windows, Mac, and Linux. The issue arises from improper memory deallocation within ANGLE’s routines, which could be exploited through maliciously crafted web content to execute arbitrary code within the Chrome renderer process.

The vulnerability poses significant risks because ANGLE serves as a key component in translating OpenGL ES API calls into hardware-specific graphics APIs like Direct3D, Vulkan, and native OpenGL. Since ANGLE underpins GPU-accelerated tasks such as WebGL rendering and HTML5 Canvas operations, its compromise directly impacts a wide range of web applications. Successful exploitation could allow attackers to gain control of the renderer process, potentially escalating privileges via sandbox escape to achieve full system compromise.

Attackers could exploit this flaw through common web-based attack vectors such as drive-by downloads, malicious advertisements, or compromised websites that deliver specially crafted content. Exploits targeting ANGLE’s memory corruption could result in heap manipulation and arbitrary code execution, making this vulnerability a prime candidate for zero-day exploitation. Given ANGLE’s widespread usage in Chrome, the threat surface for mass exploitation is unusually high, especially against users who delay patching.

To mitigate the risks, organizations are strongly advised to immediately update Chrome to version 139.0.7258.154 or later. Google’s patch introduces fixes to ANGLE’s memory management and enhanced heap protection mechanisms. In parallel, security teams should reinforce defenses by implementing application allowlisting, network segmentation, browser isolation, and CSP headers. EDR solutions should be deployed to detect abnormal behaviors such as unusual process spawning, anomalous memory allocations, or suspicious network traffic. Considering the potential for real-world exploitation, rapid patch deployment combined with layered security controls is critical for reducing exposure.