Google Issues Emergency Chrome Security Update — Act Now
Update Chrome now as emergency security fix drops.
Update, April 26, 2025: While there is no additional news regarding the emergency Google Chrome update vulnerability, this story, originally published April 23, has been updated with information regarding two newly confirmed critical vulnerabilities and how Google’s new browser security technology has closed them down.
In the same way that there are seemingly never-ending stories about Windows being under attack from threat actors, so Google’s Chrome browser is constantly being poked with the “you are being tracked” privacy stick, as well as the inevitable stream of “browser hacked” articles. These are often, to say the least, somewhat thin in respect to the actual threat posed. It’s worth keeping your eyes open for the important stuff, like emergency Chrome updates that could prevent your accounts, passwords and data from being stolen. One such update to Chrome 135 has just been confirmed, and you need to take action now.
Google’s Mysterious Emergency Chrome Security Update
I do my best to bring you meaningful warnings to alert you to real-world threats, such as Google emails being used to hack Gmail accounts, 2FA cookie-stealer attacks and drive-by threats targeting Chrome app downloads. I also regularly publish advisory articles when Google has fixed new security issues in Chrome, usually as a result of external researchers’ discovery of vulnerabilities. This is such an article, but with a twist: I don’t know what the security issue that has been confirmed actually is, I only know it must be critical for Google to issue an emergency fix dealing with just this single, mysterious issue.
In an April 22 statement, Google’s Prudhvi Kumar confirmed that the Chrome browser is vulnerable to a single new issue. That’s it. There’s no hint whether this was found by external researchers or Google’s own internal security teams. There’s no Common Vulnerabilities and Exposures CVE number. There’s no information at all.
And that, dear reader, is as worrying as it is unusual. I can’t recall ever coming across such a security update from Google before. What I do know is that, as the issue is obviously serious enough to roll out a security update now rather than wait until the next Patch Tuesday, it’s serious enough for you to install and activate immediately. Don’t wait for the automatic update to arrive in the “coming days and weeks,” as Google always likes to say, but take steps to kickstart that process right now.
I have approached Google for further information regarding this security issue and will update this article if I discover anything.
Two Newly Discovered Critical Google Chrome Vulnerabilities Confirmed
The SSD Secure Disclosure Technical Team has published a new report confirming that its vulnerability research has identified not one, but two, new and critical use-after-free issues affecting the Google Chrome browser. Crediting the find to an SSD researcher working in Korea, the report said the vulnerabilities impacted Chrome versions from 133.0.6835.0 but before 135.0.7016.0 — but the latest browser security technology from Google, MiraclePtr, “they are no longer exploitable.”
Had they been exploited, however, SSD reported that an attacker would have been able to use “well-known heap spraying techniques“ in order to be able to get arbitrary code execution outside the browser’s security sandbox — or they would have, at least, before MiraclePtr entered the equation. “Both of the vulnerabilities discovered are protected by MiraclePtr,” the report confirmed, “and thus are not exploitable.”
MiraclePtr is specifically designed to prevent the exploitation of use-after-free vulnerabilities. It stops objects from being freed from memory under certain circumstances and, thus, “makes it impossible for an attacker to reclaim that memory region via heap spraying or similar techniques.”
How To Update Google Chrome 135 Immediately
The latest Google Chrome security update will take your browser to the following version number, depending upon the operating system platform:
- Android – 135.0.7049.111
- Linux – 135.0.7049.114
- Mac – 135.0.7049.114/.115
- Windows – 135.0.7049.114/.115
To kickstart the process and get the necessary protection against this mysterious security issue, circumventing any rollout delay, head for Settings|About Chrome, and Chrome will automatically start checking to determine if you already have the latest version. If you do not, then Chrome will initiate a download, followed by installation of the patched version.
This is critical, though: your patched version of Chrome will only provide the protection you need if it has been properly activated. Ensure you hit the relaunch button to complete the installation.