Google Chrome Security Warning — 19 Days To Update Deadline Issued
Update Google Chrome now.
With the cybersecurity world’s focus firmly on Microsoft and the ongoing SharePoint Server hacking fiasco, you might have forgotten that another technology giant, Google, still has its own security problems. Yes, I’m talking about the Google Chrome web browser, and the latest brace of confirmed vulnerabilities. As well as the two new high-severity and highly concerning security issues impacting Chrome users, the Cybersecurity and Infrastructure Security Agency has referenced yet another already-exploited vulnerability, as it urges all users to update before August 12. Here’s what you need to know and do.
Google Chrome 138 Security Update Confirmed
The Google Chrome browser is not unsafe. There, I’ve got that out of the way. Just because security vulnerabilities are discovered more often than spots on my back does not make Chrome insecure; there’s a pretty strong argument to suggest the opposite. The fact that so many eyes are on the browser, that so many people find and disclose these vulnerabilities before threat actors do, can be interpreted as a good thing, as it means that Google can fix them. Sadly, that isn’t going to cut the mustard with your average user who only sees that another security vulnerability has been found, another weakness that could lead to them being under attack.
The latest confirmation comes from Google Chrome’s Srinivas Sista in a July 22 posting, with two security vulnerabilities, both given a high-severity rating, being found by external security researchers.
CVE-2025-8010 and CVE-2025-8011 are both type confusion vulnerabilities in the Chrome V8 JavaScript engine. These are problematic, to say the least, as an exploit of the same could lead to the possibility of arbitrary code execution within the browser.
As such, Google is rolling out an update to all users that takes Chrome to 138.0.7204.168/.169 for Windows, Mac and 138.0.7204.168 for Linux, across the coming days and weeks. Don’t delay, make sure you have updated today rather than waiting for it to reach you. Head for Settings|Help|About Google Chrome to kickstart the update process, and don’t forget to relaunch the browser to activate the patched browser.
Google Chrome Update Deadline — 19 Days To Act
When it comes to the CISA warning that comes with an August 12 deadline to update the Google Chrome browser, this actually concerns an earlier vulnerability of the zero-day variety. Yep, one that is under active exploitation, hence the addition to the CISA Known Exploited Vulnerabilities catalog, which triggers a mandatory 21-day update deadline for certain Federal Civilian Executive Branch agencies. Now, don’t go thinking that this has nothing to do with you or your organization if you fall outside of that mandatory remit, because you would be foolish not to heed the CISA advice. “CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice,” the July 22 posting said.
I’ve said it before, and I will keep on saying it: do not wait, update Google Chrome and relaunch the browser whenever any security vulnerabilities have been confirmed. You know it makes sense.