What is the Google Chrome emergency security update for CVE-2025-8292?

Google has released an urgent security update for its Chrome browser to patch CVE-2025-8292 (CVSS score 8.8), a use-after-free memory corruption issue affecting Chrome's Media Stream component. The vulnerability could allow attackers to execute arbitrary code, particularly impacting video conferencing, screen sharing, and live content streaming applications.

What is CVE-2025-8292 and how severe is it?

CVE-2025-8292 is a use-after-free memory corruption vulnerability with a CVSS score of 8.8, indicating high severity. The flaw affects Chrome's Media Stream component and could allow attackers to execute arbitrary code on affected systems, making it a serious security threat requiring immediate patching.

Which Chrome component is affected by CVE-2025-8292?

The vulnerability affects Chrome's Media Stream component, which is heavily used in video conferencing, screen sharing, and live content streaming applications. This makes the vulnerability particularly concerning for users who rely on Chrome for online meetings, webinars, and multimedia content creation.

Who discovered the CVE-2025-8292 vulnerability?

The vulnerability was reported by an anonymous researcher who was awarded $8,000 through Google's Vulnerability Reward Program. This demonstrates the value Google places on security research and responsible disclosure of critical vulnerabilities.

Why did Google release an emergency update for this single vulnerability?

The fact that Google chose to release an emergency update for a single flaw indicates that CVE-2025-8292 is a very serious security issue. Emergency updates are typically reserved for vulnerabilities that pose immediate and significant risks to user security, suggesting this flaw could be easily exploited or cause severe damage.

How can users manually update Chrome to fix CVE-2025-8292?

Users can manually check for and install the update by navigating to Chrome's settings menu and selecting 'Help' followed by 'About Google Chrome.' This will trigger Chrome to check for the latest version and automatically download and install the security update.

Should users wait for automatic Chrome updates or update manually?

Security experts strongly recommend users manually trigger the update process instead of waiting for automatic deployment. While the stable channel update will roll out over the coming days, the critical nature of CVE-2025-8292 makes immediate manual updating the safer approach.

What type of vulnerability is CVE-2025-8292?

CVE-2025-8292 is a use-after-free memory corruption vulnerability. This type of flaw occurs when a program continues to use a memory location after it has been freed, potentially allowing attackers to manipulate memory contents and execute arbitrary code on the affected system.

Which applications are most at risk from CVE-2025-8292?

Applications that heavily use Chrome's Media Stream component are most at risk, including video conferencing platforms, screen sharing tools, live content streaming applications, and any web-based multimedia applications that rely on Chrome's media capabilities for real-time audio and video processing.

How much was the bug bounty for discovering CVE-2025-8292?

Google awarded $8,000 to the anonymous researcher who discovered and reported CVE-2025-8292 through Google's Vulnerability Reward Program. This substantial reward reflects the serious nature of the vulnerability and Google's commitment to incentivizing security research.

What should Chrome users do immediately about CVE-2025-8292?

Chrome users should immediately update to version 138.0.7204.183/.184 (Windows/Mac) or 138.0.7204.183 (Linux) by manually checking for updates through Chrome's settings menu. Given the emergency nature of this update and the high CVSS score of 8.8, delaying the update could leave systems vulnerable to serious security exploits.

Advisory

Google releases one more urgent Chrome update

Q: What Chrome versions patch CVE-2025-8292?

Google released the emergency update as part of Chrome version 138.0.7204.183/.184 for Windows and Mac systems, and version 138.0.7204.183 for Linux distributions. These versions contain the fix for the critical Media Stream vulnerability.

published: July 30, 2025

Take action: This one is not urgent, but it is important. Nobody releases an update for just one flaw until there is something very important about that flaw. Update your Chrome and Chromium based browsers (Opera, Brave, Vivaldi, Edge...). It's very probable that this flaw will soon be reported as exploited. Patching is super easy, all your tabs reopen.

Learn More

Google has released another urgent security update for its Chrome browser to patch a vulnerability that could allow attackers to execute arbitrary code.

The vulnerability is tracked as CVE-2025-8292 (CVSS score 8.8) and is as a use-after-free memory corruption issue affecting the Chrome's Media Stream component which is heavily used in video conferencing, screen sharing, and live content streaming applications.

The anonymous researcher who reported this issue was awarded $8,000 through Google's Vulnerability Reward Program.

Google released this emergency update as part of Chrome version 138.0.7204.183/.184 for Windows and Mac systems, and version 138.0.7204.183 for Linux distributions.

The stable channel update will roll out over the coming days. Security experts strongly recommend users manually trigger the update process instead of waiting for automatic deployment.

The fact that Google chose to release an emergency update for a single flaw indicates that this is a very serious issue.

Users can manually check for and install the update by navigating to Chrome's settings menu and selecting "Help" followed by "About Google Chrome."

Google releases one more urgent Chrome update

Read More
Google Chrome 145 Update Patches 11 Vulnerabilities Including …
7-Zip vulnerability that enables remote code execution actively …
CutOut.Pro AI Tool 20 million user records breached, …
Mozilla releases patches for multiple flaws in Firefox …
Adobe releases April 2026 patches for multiple products