Google has rolled out an important security update for Chrome, addressing multiple high-risk vulnerabilities across Windows, macOS, and Linux platforms. The latest versions—Chrome 138.0.7204.157 and 138.0.7204.158 for Windows and macOS, and 138.0.7204.157 for Linux—patch several serious flaws, including one actively exploited in the wild, emphasizing the urgent need for users to update promptly.
In its official Chrome Releases blog, Google’s security engineer Srinivas Sista detailed the discovery and patching of two critical vulnerabilities reported by external researchers. Both CVE-2025-7656 and CVE-2025-7657 are categorized as high risk. The first is an integer overflow flaw in Chrome’s V8 JavaScript engine, which could allow attackers to trigger memory corruption. The second is a use-after-free vulnerability in the WebRTC component, a key part of real-time communications in browsers, which could be exploited to execute malicious code.
Additionally, Google addressed CVE-2025-6558, another high-risk vulnerability found in the ANGLE graphics library and GPU component. This flaw stems from insufficient validation of untrusted user input, potentially enabling attackers to inject and run malicious code via graphics processing pathways. While Google remains tight-lipped about further internally detected vulnerabilities, the patched issues underscore persistent security challenges in the Chromium ecosystem.
Chrome typically updates automatically, but users can manually initiate an update by navigating to Help > About Google Chrome. The update is also available for Chrome on Android (138.0.7204.157) and iOS (138.0.7204.156), ensuring consistent protection across devices.
Other browsers built on Chromium—such as Microsoft Edge, Brave, and Vivaldi—are expected to release corresponding security updates soon. However, some, like Opera (currently on version 120.0.5543.61 based on Chromium 135), lag behind and remain exposed to known vulnerabilities dating back to April.
Google is preparing to launch Chrome 139 in early August, continuing its rapid update cycle to bolster security and performance.
