Google has announced a security update for its Chrome browser, addressing two vulnerabilities that have been identified and fixed in the latest versions. The updates are available for Chrome versions 137.0.7151.103/104 for Windows and macOS, and 137.0.7151.103 for Linux.
According to Google, these vulnerabilities are not currently being exploited in active attacks. Other manufacturers of Chromium-based browsers are expected to roll out similar updates in the coming days.
Both vulnerabilities have been classified as high risk by Google. If an attacker were to successfully exploit these issues, they could inject and execute arbitrary code.
One of the vulnerabilities was identified as a type mix-up within the V8 JavaScript engine, which could also enable the execution of injected code. In addition, Google has released Chrome for Android version 137.0.7151.89, which addresses the same vulnerabilities found in the desktop versions of the browser.
Typically, Chrome updates automatically when a new version is available. However, users can manually check for updates by navigating to the three-dot menu and selecting Help > About Google Chrome.
Google plans to release Chrome version 138 at the end of June. As for other Chromium-based browsers, their manufacturers are expected to publish updates in response to these vulnerabilities soon.
Brave and Microsoft Edge have already transitioned to Chromium version 137, aligning their security updates accordingly. In contrast, Vivaldi continues to utilize the Extended Stable Channel from the previous version, maintaining a similar security posture as Brave and Edge.
Meanwhile, Opera’s browser remains on the outdated Chromium 134, which no longer receives security updates from Google.