Google has released a critical security update for Chrome, patching a major vulnerability across multiple platforms. The affected versions include Chrome 139.0.7258.154/155 for Windows and macOS and 139.0.7258.154 for Linux. According to Google, there are no reports of this vulnerability being actively exploited in the wild, but the company emphasizes the importance of updating immediately. Other Chromium-based browser vendors, including Microsoft Edge, Brave, and Vivaldi, are expected to roll out corresponding updates in the coming days.
The patched vulnerability, identified as CVE-2025-9478, is a use-after-free flaw in the Angle graphics library and has been classified as critical. Interestingly, the discovery is credited to Google Big Sleep, an AI-powered tool based on the Gemini framework. Big Sleep is designed to autonomously detect vulnerabilities without human intervention, though Google emphasizes that all AI-discovered security findings are double-checked by expert researchers before publication. In this instance, the tool successfully identified a genuine critical flaw, demonstrating the growing potential of AI-assisted cybersecurity.
This is the second recent vulnerability discovered by Big Sleep; just a week prior, the AI had flagged another issue that was subsequently patched. As AI-generated code becomes increasingly common, tools like Big Sleep may become a standard part of the cybersecurity toolkit, capable of detecting subtle vulnerabilities that traditional methods might miss.
For users, updating Chrome is straightforward. The browser usually updates automatically, but you can also manually check for updates via Help > About Google Chrome. Google has simultaneously updated Chrome for Android (139.0.7258.158) to fix the same vulnerability. Looking ahead, Chrome 140 is expected to roll out next week, with a limited group of users already receiving early access this week.
Meanwhile, other Chromium-based browsers face varying update timelines. Microsoft Edge, Brave, and Vivaldi are currently aligned with last week’s security level, although Vivaldi uses Chromium 138 from the Extended Stable Channel rather than 139. Opera, however, remains behind; its stable version is still on Chromium 135, and its beta release, which uses Chromium 137, may not arrive until the release of Chrome 140. Users of these browsers should stay vigilant and expect updates soon.
