Google has announced a significant update for its Chrome browser, addressing multiple vulnerabilities in the new versions 138.0.7204.157 and 138.0.7204.158 for Windows and macOS, along with version 138.0.7204.157 for Linux. Alarmingly, one of the vulnerabilities is reportedly being actively exploited in attacks.
Other browsers based on Chromium are expected to follow this update in the coming days. Among the issues are an integer overflow in the V8 JavaScript engine and a use-after-free vulnerability within the WebRTC component.
An underlying problem appears to stem from insufficient checks on untrusted user input in the ANGLE graphics library and GPU component, enabling attackers to inject and execute harmful code. Google has not disclosed details about other vulnerabilities discovered internally.
Typically, Chrome updates itself automatically whenever a new version is available. However, users can manually initiate an update check through the Help menu by navigating to “Help > About Google Chrome.”
Google has also released compatible versions for mobile platforms, including Chrome for Android 138.0.7204.157 and Chrome for iOS 138.0.7204.156, both addressing the same vulnerabilities as those found in desktop versions. Other manufacturers of Chromium-based browsers are now under pressure to release their own security updates.
Currently, Microsoft Edge, Brave, and Vivaldi have not yet moved past the security level that preceded this Chrome update. Meanwhile, Opera 120.0.5543.61 continues to run on the outdated Chromium 135, which still harbors various security vulnerabilities.
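For administrators who need to confirm the rollout across a fleet, the following is an added example (not code from Google or from this article's author) that compares installed Google Chrome versions against the fixed builds listed above. The inventory records, host names and function names are constructed for illustration, and the check covers Google Chrome only, since other Chromium-based browsers use their own version numbering.

```python
# Minimum fixed Chrome builds per platform, as stated in the article.
FIXED = {
    "windows": "138.0.7204.157",
    "macos": "138.0.7204.157",
    "linux": "138.0.7204.157",
    "android": "138.0.7204.157",
    "ios": "138.0.7204.156",
}

def parse_version(text):
    """Parse a four-part Chrome version ('138.0.7204.157') into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(platform, version):
    """Return 'patched', 'outdated' or 'unknown' for one Chrome install."""
    minimum = FIXED.get(platform.lower())
    if minimum is None:
        return "unknown"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"
    # Compare numerically, field by field. A plain string comparison would
    # rank '138.0.7204.99' above '138.0.7204.157' and miss an outdated host.
    return "patched" if installed >= parse_version(minimum) else "outdated"

def hosts_needing_action(inventory):
    """Hosts that are outdated or whose version could not be determined."""
    return sorted(host for host, platform, version in inventory
                  if assess(platform, version) != "patched")

# Constructed sample inventory: (host, platform, reported Chrome version).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "138.0.7204.158"),
    ("ws-02", "windows", "138.0.7204.99"),
    ("mac-01", "macos", "138.0.7204.157"),
    ("lin-01", "linux", "137.0.7151.0"),
    ("ios-01", "ios", "138.0.7204.156"),
    ("and-01", "android", "138.0.7204.156"),
    ("kiosk-01", "windows", "unknown"),
]

if __name__ == "__main__":
    for host in hosts_needing_action(SAMPLE_INVENTORY):
        print(host)
```

Hosts whose version cannot be parsed are reported alongside outdated ones, so a missing inventory value is not silently treated as patched.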
Looking ahead, Google is scheduled to launch Chrome version 139 at the beginning of August.