Chrome High-Severity Vulnerabilities Allows Memory Manipulation and Arbitrary Code Execution

Google has issued an urgent security update for its Chrome browser, patching several vulnerabilities, including a high-severity vulnerability that could allow attackers to manipulate memory and execute arbitrary code on a user’s system.

The latest version, Chrome 138.0.7204.183 for Linux and 138.0.7204.183/.184 for Windows and Mac, addresses these critical security issues, and users are strongly advised to update their browsers immediately.

The most significant vulnerability fixed in this update is identified as CVE-2025-8292, a “use-after-free” vulnerability discovered in Chrome’s Media Stream component.

use-after-free Vulnerability Enables Code Execution

This type of memory corruption vulnerability is particularly dangerous as a remote attacker can exploit it through a specially crafted HTML page.

If successful, an attacker could potentially crash the browser or execute malicious code, gaining unauthorized access to the affected system. This could lead to the installation of programs, theft or alteration of data, or the creation of new user accounts with full privileges.

An anonymous security researcher reported the CVE-2025-8292 vulnerability to Google on June 19, 2025, and was awarded $8,000 for their discovery through the Chrome Vulnerability Reward Program.

Google has restricted access to the full details of the bug to allow a majority of users time to apply the patch, a standard practice to prevent active exploitation.

This update is part of a series of security patches for Chrome version 138. Earlier in July, Google addressed other high-severity vulnerabilities, including a zero-day exploit known as CVE-2025-6558, which was actively being used in attacks.

That vulnerability, an issue of incorrect input validation in the ANGLE and GPU components, also posed a significant risk of sandbox escape.

Throughout June and July, Chrome 138 has received multiple updates to fix various security holes, including type confusion in the V8 JavaScript engine and other memory-related bugs.

Google’s security teams continuously work to uncover and resolve vulnerabilities through internal audits, fuzzing, and other security initiatives. The company relies on various tools like AddressSanitizer and MemorySanitizer to detect memory-related errors before they can be exploited.

The rollout of the latest Chrome version will continue over the coming days and weeks. Users can ensure their browser is updated by navigating to “Help” and then “About Google Chrome” in their browser menu.

Integrate ANY.RUN TI Lookup with your SIEM or SOAR To Analyses Advanced Threats -> Try 50 Free Trial Searches