Google has issued an emergency update for Chrome to address a significant vulnerability found in recent versions of the browser. The affected versions include 138.0.7204.96/97 for Windows, 138.0.7204.92/93 for macOS, and 138.0.7204.96 for Linux. This vulnerability is particularly concerning as it is reportedly being exploited in real-world attacks.
It is expected that developers of other Chromium-based browsers will also release updates soon. This recurring issue relates to a type mix-up within the V8 JavaScript engine, a problem that appears regularly. The vulnerability was identified by Clément Lecigne from Google’s Threat Analysis Group (TAG), who is known for uncovering zero-day vulnerabilities in Chrome on several occasions.
Lecigne reported this specific problem on June 25, leading Google to implement a temporary configuration change across all Chrome installations the following day. The current update is intended to fully resolve the issue. Typically, Chrome updates itself automatically when new versions are accessible.
However, users can manually check for updates by navigating to Help > About Google Chrome in the menu. In addition to the desktop browsers, Google has also released updates for Chrome on Android (version 138.0.7204.63) and iOS (version 138.0.7204.119), both of which address the same vulnerabilities found in the Android version. Looking ahead, Google plans to launch Chrome version 139 at the end of July, while other Chromium-based browsers like Microsoft Edge and Brave have already upgraded to Chromium 138.
Vivaldi is in the final stages of developing its new version 7.5 with Chromium 138, whereas Opera is rolling out an update to version 119.0.5497.141, still utilizing the outdated Chromium 134.