Chrome Vulnerabilities Allow Attackers to Hijack Memory and Run Malicious Code

Google has released an emergency security update for its Chrome browser to address critical vulnerabilities that could allow attackers to hijack system memory and execute malicious code on affected devices.

The Stable channel has been updated to version 138.0.7204.183/.184 for Windows and Mac systems, and 138.0.7204.183 for Linux, with the rollout scheduled over the coming days and weeks.

Critical Security Flaw Patched

The update addresses four security vulnerabilities, with the most severe being a high-priority use-after-free vulnerability in Media Stream functionality.

This type of vulnerability occurs when a program continues to use memory after it has been freed, creating an opportunity for attackers to manipulate the freed memory space and potentially execute arbitrary code on the victim’s system.

The primary vulnerability, designated as CVE-2025-8292, was reported by an anonymous security researcher on June 19, 2025.

Google awarded the researcher $8,000 through its bug bounty program, highlighting the severity and potential impact of the security flaw.

Use-after-free vulnerabilities are particularly dangerous as they can lead to complete system compromise, allowing attackers to gain unauthorized access to sensitive data or install malware.

Beyond the externally reported vulnerability, Google’s internal security teams identified additional issues through ongoing audits and testing initiatives.

The company’s security infrastructure relies heavily on advanced detection tools including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL to identify potential security risks before they reach users.

Google’s proactive security approach involves multiple layers of protection and detection mechanisms.

The company utilizes sophisticated fuzzing tools and static analysis systems to identify memory corruption issues, control flow violations, and undefined behavior patterns that could be exploited by malicious actors.

These automated systems work continuously during the development cycle to prevent security vulnerabilities from reaching the stable release channel.

Users are strongly advised to update their Chrome browsers immediately to protect against potential exploitation.

The browser typically updates automatically, but users can manually check for updates by navigating to Chrome’s settings menu and selecting “About Google Chrome.”

Given the severity of the patched vulnerabilities, particularly the memory corruption issue, delaying the update could leave systems vulnerable to targeted attacks.

Google has temporarily restricted access to detailed bug information until the majority of users have installed the security update, following standard responsible disclosure practices to prevent widespread exploitation of the vulnerabilities.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!