What is CVE-2025-9478?

CVE-2025-9478 is a critical use-after-free vulnerability in Google Chrome's ANGLE graphics library. While no CVSS score has been assigned yet, Google has classified it as 'critical'. This security flaw could enable attackers to execute arbitrary code on vulnerable systems through malicious web pages.

What is ANGLE and why is this vulnerability significant?

ANGLE (Almost Native Graphics Layer Engine) is a translation layer between Chrome's rendering engine and device-specific graphics drivers. The vulnerability in this component is significant because it enables program code to access resources that have already been released and have undefined content, creating opportunities for memory corruption and potential system compromise.

What is a use-after-free vulnerability?

A use-after-free vulnerability occurs when program code accesses resources that have already been released and have undefined content. This can lead to memory corruption and create opportunities for attackers to potentially compromise the system by executing arbitrary code.

Which Chrome versions are affected by CVE-2025-9478?

The vulnerability affects all Google Chrome versions prior to the patched releases on all platforms. This includes Windows, macOS, and Linux systems running older versions of Chrome.

When was the Chrome security update released?

Google released the security patches on Tuesday, August 26, 2025, as an urgent update to address the critical vulnerability in the ANGLE graphics library.

How can users verify their current Chrome version?

Users can verify their Chrome version by clicking on the menu icon (three stacked dots) in the browser, selecting 'Help,' then 'About Google Chrome.' This will display the current version number and automatically check for available updates.

What should users do to protect themselves from this vulnerability?

Users should immediately update their Chrome browser to version 139.0.7258.154 or higher (139.0.7258.155 on some Windows/macOS systems). This is an urgent security update that patches a critical vulnerability that could allow attackers to execute arbitrary code through malicious web pages.

What platforms are affected by this Chrome vulnerability?

The CVE-2025-9478 vulnerability affects Google Chrome on all major platforms including Windows, macOS, and Linux systems. Google has released patches for all these platforms simultaneously.

Advisory

Google releases emergency update for Chrome, patches critical flaw in ANGLE graphics library

Q: Which Chrome versions fix the CVE-2025-9478 vulnerability?

Google released security patches as part of Chrome Stable versions 139.0.7258.154/.155 on Windows and macOS, and 139.0.7258.154 on Linux. These versions contain the fix for the critical vulnerability.

Q: How can users update their Chrome browser?

Users can update Chrome by navigating to the menu icon (three stacked dots), selecting 'Help,' then 'About Google Chrome.' The browser will automatically check for and install available updates. On Linux systems, users may need to use their distribution's package management system to receive the update.

published: Aug. 27, 2025

Take action: Once again - an urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.

Learn More

Google has released an urgent security update for its Chrome web browser to patch a critical use-after-free vulnerability.

This vulnerability is tracked as CVE-2025-9478 (no CVSS score yet, but classified as "critical" by Google), is a security flaw in the ANGLE graphics library that could enable attackers to execute arbitrary code on vulnerable systems through malicious web pages. The ANGLE (Almost Native Graphics Layer Engine) component is a translation layer between Chrome's rendering engine and device-specific graphics drivers. The flaw enables program code to accesses resources that have already been released and have undefined content, creating opportunities for memory corruption and potential system compromise.

The vulnerability affects all Google Chrome versions prior to the patched releases on all platforms.

Google released the security patches as part of Chrome Stable versions 139.0.7258.154/.155 on Windows and macOS, and 139.0.7258.154 on Linux on Tuesday, August 26, 2025.

Users can verify their Chrome version and trigger manual updates by navigating to the menu icon (three stacked dots), selecting "Help," then "About Google Chrome." The browser will automatically check for and install available updates. On Linux systems, users may need to use their distribution's package management system to receive the update.

Google releases emergency update for Chrome, patches critical flaw in ANGLE graphics library

Read More
Phishing campaign abuses GitHub notifications to get users …
CISA Reports Active Exploitation of Four Microsoft Vulnerabilities, …
Google releases new Chrome version, patches two high …
Mozilla releases patches for Firefox, Thunderbird to fix …
Microsoft releases April 2024 Patch fixing 150 flaws, …