What is Google's latest Chrome security update?

Google has released a security update for its Chrome browser, patching multiple high severity flaws including CVE-2025-8010 and CVE-2025-8011, both type confusion vulnerabilities in the V8 JavaScript engine with CVSS scores of 8.8.

What is CVE-2025-8010 in Google Chrome?

CVE-2025-8010 is a type confusion vulnerability in the V8 JavaScript engine with a CVSS score of 8.8. This flaw allows remote attackers to potentially exploit heap corruption through crafted HTML pages, enabling arbitrary code execution.

What is CVE-2025-8011 in Google Chrome?

CVE-2025-8011 is a type confusion vulnerability in the V8 JavaScript engine with a CVSS score of 8.8. Similar to CVE-2025-8010, this vulnerability enables remote attackers to exploit browser weaknesses via specially crafted web content.

What Chrome versions include the latest security fixes?

The stable channel has been updated to version 138.0.7204.168/.169 for Windows and Mac, and 138.0.7204.168 for Linux. The rollout is expected to reach all users over the coming days and weeks.

What is a type confusion vulnerability?

A type confusion vulnerability occurs when a program processes data as the wrong type, which can lead to memory corruption and potentially allow attackers to execute arbitrary code. In Chrome's case, these vulnerabilities affect the V8 JavaScript engine.

How can attackers exploit these Chrome vulnerabilities?

Attackers can exploit these vulnerabilities remotely through crafted HTML pages or specially crafted web content. The type confusion flaws in the V8 JavaScript engine can lead to heap corruption and enable arbitrary code execution on the victim's system.

Are there additional security fixes in this Chrome update?

Yes, Google included additional internal security fixes discovered through their comprehensive internal security auditing processes, using advanced detection tools and methodologies to identify potential vulnerabilities before they reach production environments.

What is the CVSS score for the Chrome vulnerabilities?

Both CVE-2025-8010 and CVE-2025-8011 have CVSS scores of 8.8, which indicates high severity vulnerabilities that pose significant security risks to users.

What is the V8 JavaScript engine?

V8 is Google's open-source JavaScript engine that powers Chrome browser and Node.js. It compiles JavaScript directly to native machine code, making it a critical component where vulnerabilities can have serious security implications.

How should users protect themselves from these Chrome vulnerabilities?

Users should update their Chrome browser to the latest version immediately. Chrome typically updates automatically, but users can manually check for updates by going to Chrome Settings > About Chrome to ensure they have the patched version.

When will the Chrome security update reach all users?

The rollout of the security update is expected to reach all users over the coming days and weeks. Google typically uses a gradual rollout process to ensure stability while delivering critical security fixes.

Advisory

Google releases Chrome security update patching high-severity JavaScript engine flaws

Q: Why doesn't Google provide full vulnerability details immediately?

Google maintains a policy of restricting access to detailed vulnerability information and technical specifics until the majority of users have successfully updated their browsers with the necessary security fixes. This helps prevent exploitation while users update.

published: July 23, 2025

Take action: This one is not urgent, but it's the smart thing to do. Update your Chrome and Chromium based browsers (Opera, Brave, Vivaldi, Edge...). These vulnerabilities will eventually be exploited so don't ignore patching. And it's super easy, all your tabs reopen.

Learn More

Google has released an security update for its Chrome browser, patching multiple high severity flaws.

Vulnerabilities summary

CVE-2025-8010 (CVSS score 8.8) - type confusion vulnerability in V8 JavaScript engine. This flaw allows remote attackers to potentially exploit heap corruption through crafted HTML pages, enablingarbitrary code execution.
CVE-2025-8011 (CVSS score 8.8) - type confusion vulnerability in V8 JavaScript engine. Similar to CVE-2025-8010, this vulnerability enables remote attackers to exploit browser weaknesses via specially crafted web content.
Additional internal security fixes discovered through Google's comprehensive internal security auditing processes, using advanced detection tools and methodologies to identify potential vulnerabilities before they reach production environments.

The stable channel has been updated to version 138.0.7204.168/.169 for Windows and Mac, and 138.0.7204.168 for Linux, with the rollout expected to reach all users over the coming days and weeks.

The company maintains a policy of restricting access to detailed vulnerability information and technical specifics until the majority of users have successfully updated their browsers with the necessary security fixes.

Google releases Chrome security update patching high-severity JavaScript engine flaws

Read More
Google releases update for Chrome and Chromium browsers …
Google Android March 2026 Security Bulletin Patches 129 …
Microsoft confirms Windows April 2025 security update creates …
Critical vulnerabilities in Google Home and Google Nest …
Google warns of actively exploited flaw in Samsung …