Chrome High-Severity Vulnerabilities Allow Hackers to Gain Full Control
Google has released an urgent security update for Chrome, addressing high-severity vulnerabilities that could allow attackers to gain complete control over users’ systems.
The stable channel has been updated to version 138.0.7204.168 for Windows and Mac, and 138.0.7204.168 for Linux, with the rollout expected to reach all users over the coming days and weeks.
Critical Security Flaws Discovered
The latest Chrome update addresses three significant security vulnerabilities, with two particularly concerning high-severity issues that have captured the attention of cybersecurity experts.
Both high-severity vulnerabilities are type confusion errors in V8, Chrome’s JavaScript engine, which executes the JavaScript on every web page the browser loads.
| CVE ID | Severity | Vulnerability Type | Report Date | Reward |
| --- | --- | --- | --- | --- |
| CVE-2025-8010 | High | Type Confusion | 2025-07-09 | $8,000 |
| CVE-2025-8011 | High | Type Confusion | 2025-07-09 | TBD |
Security researcher Shaheen Fazim discovered and reported both high-severity vulnerabilities on July 9, 2025, highlighting the ongoing efforts by the cybersecurity community to identify and address potential threats before they can be exploited maliciously.
Google has acknowledged these contributions through their security reward program, with one vulnerability earning an $8,000 bounty payment.
Type confusion vulnerabilities are particularly dangerous because they can allow attackers to manipulate how the browser interprets data types, potentially leading to memory corruption and arbitrary code execution.
When successfully exploited, these flaws could enable cybercriminals to bypass security measures, steal sensitive information, or install malicious software on victims’ computers.
Beyond addressing externally reported vulnerabilities, Google’s internal security teams have implemented numerous additional fixes discovered through comprehensive auditing processes.
These internal initiatives utilize advanced detection tools including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL to identify potential security weaknesses before they reach production environments.
The company maintains a policy of restricting access to detailed vulnerability information until the majority of users have updated their browsers with the necessary fixes.
This approach helps prevent malicious actors from exploiting known vulnerabilities while users are still running unpatched versions.
Chrome users should immediately update their browsers to the latest version to protect against these serious security threats.
The browser typically updates automatically, but users can manually check for updates by navigating to Chrome’s settings menu and selecting “About Chrome.”
Given the severity of these vulnerabilities and their potential for exploitation, delaying this update could leave systems vulnerable to sophisticated cyberattacks that could compromise personal data, financial information, and system integrity.
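For administrators checking more than one machine, the following added example (not from Google or the original article) flags hosts whose reported Chrome build is older than the fixed build named above. The inventory, host names and the non-fixed version strings are constructed sample data; the comparison is numeric per component because a plain string comparison ranks 138.0.7204.99 above 138.0.7204.168.

```python
import re

# Fixed stable build named in the article for Windows, Mac and Linux.
FIXED_BUILD = "138.0.7204.168"

# Chrome builds are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from a bare version string or from
    `--version` style output; return a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(reported, fixed=FIXED_BUILD):
    """True if the reported build is older than the fixed build.
    Unparseable or missing input fails closed (treated as needing review)."""
    have = parse_version(reported)
    if have is None:
        return True
    return have < parse_version(fixed)


def audit(inventory):
    """Return the sorted host names whose Chrome build is below the fix."""
    return sorted(host for host, ver in inventory.items() if needs_update(ver))


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 138.0.7204.168",
    "ws-02": "Google Chrome 138.0.7204.99",   # older; string compare gets this wrong
    "ws-03": "Google Chrome 137.0.7151.120",
    "ws-04": "Google Chrome 139.0.7258.66",
    "ws-05": "",                              # inventory agent returned nothing
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        reported = SAMPLE_INVENTORY[host] or "version unknown"
        print(f"{host}: update required ({reported})")
```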