Google Suddenly Updates Chrome — What You Need To Know And Do


Updated October 20 with details of a high-priority security update for Google ChromeOS, which also fixes 10 Chrome browser vulnerabilities including CVE-2025-11756.

Are you one of the estimated 3.5 billion people who use Google Chrome as their primary web browser? If so, pay close attention: Google has dropped a sudden security update, and you need to ensure you are protected by it right now. Here's what you need to know, and do, about the Safe Browsing CVE-2025-11756 vulnerability.

Not all heroes wear capes. Or hoodies for that matter. Security heroes, however, wear their ability to uncover dangerous code vulnerabilities as a badge of honor, just like the teams at the respective vendors who fix them. The latest hero is a security researcher named Asnine, who is well known for finding vulnerabilities in Google Chrome.

Google Confirms Emergency Security Update For Chrome Browser Users

I’m not saying that all security updates for Google Chrome shouldn’t be taken seriously; of course, they should, but some do beg your attention more than others. Such is the case with CVE-2025-11756, a high-rated use-after-free vulnerability impacting the Safe Browsing function of the Chrome web browser.

The seriousness of this vulnerability can be seen in the stable channel update notice published by Srinivas Sista from the Google Chrome team, which confirmed that the sudden update addressed just the one solitary threat. This isn’t unprecedented, but it is rare. Usually, such Chrome security updates will patch a bunch of bugs that have been classified by the Common Vulnerabilities and Exposures system, along with others that do not meet that threshold. The update to Google Chrome versions 141.0.7390.107/.108 for Windows and Mac and 141.0.7390.107 for Linux is an exception to the rule, however.

As usual, Google isn’t releasing full details of CVE-2025-11756 “until a majority of users are updated with a fix.” Thankfully, that fix is out and should be with you by the time you read this. Equally thankfully, Google makes updating the Chrome browser with such security updates as simple as possible. The process is automatic, and you should see a flag when it has hit your desktop.

Ensure you follow the instructions correctly, especially when it comes to relaunching your Chrome browser. If you do not, then the update will not be applied and won’t activate the security patch. Don’t worry, this shouldn’t impact all those open tabs you have, as Chrome saves these and reopens them upon restarting. You know what to do: make that check and relaunch your Google Chrome browser now.
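
For anyone looking after more than one machine, the check described above can be scripted. The following is an added example, not code from Google or from this article: it compares each machine's installed and running Chrome versions against the fixed builds quoted here and flags the "updated but not relaunched" case. The host names, field names, platform labels and the older 141.0.7390.65 build are constructed for illustration, and the script assumes your inventory tool reports both versions.

```python
import re

# Fixed builds as quoted in the article. Platform labels are this example's own.
FIXED = {
    "windows": (141, 0, 7390, 107),
    "mac": (141, 0, 7390, 107),
    "linux": (141, 0, 7390, 107),
    "chromeos": (141, 0, 7390, 115),  # browser version shipped in ChromeOS 16404.45.0
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or None if malformed."""
    match = VERSION_RE.fullmatch(text.strip()) if isinstance(text, str) else None
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, installed, running):
    """Return 'patched', 'relaunch-required', 'update-required' or 'unknown'."""
    fixed = FIXED.get(platform.lower())
    on_disk, in_memory = parse_version(installed), parse_version(running)
    if fixed is None or on_disk is None or in_memory is None:
        return "unknown"  # never treat an unreadable version as safe
    if on_disk < fixed:
        return "update-required"
    if in_memory < fixed:
        # The update is on disk, but the old binary is still the one running.
        return "relaunch-required"
    return "patched"


# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"host": "wks-01", "platform": "windows", "installed": "141.0.7390.108", "running": "141.0.7390.108"},
    {"host": "wks-02", "platform": "mac", "installed": "141.0.7390.107", "running": "141.0.7390.65"},
    {"host": "wks-03", "platform": "linux", "installed": "141.0.7390.65", "running": "141.0.7390.65"},
    {"host": "cb-04", "platform": "chromeos", "installed": "141.0.7390.107", "running": "141.0.7390.107"},
    {"host": "wks-05", "platform": "windows", "installed": "141.0.7390", "running": "141.0.7390.108"},
]


def report(inventory):
    """Map each host to its patch status."""
    return {row["host"]: classify(row["platform"], row["installed"], row["running"]) for row in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

The comparison is by version order only, so any build newer than the fixed one counts as patched.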

Google Confirms ChromeOS and ChromeOS Flex Update To Fix High-Priority Security Vulnerability

Andy Wu, an IT manager with the ChromeOS team at Google, has now also confirmed that a ChromeOS and ChromeOS Flex update has been rolled out to Chrome devices. The update, M-141, ChromeOS version 16404.45.0 (Browser version 141.0.7390.115), fixes a total of 11 security vulnerabilities, one of which is a high-priority integer overflow issue that could lead to a denial-of-service attack against ChromeOS by the use of a malicious media file. CVE-2025-54957 is described by Wiz.io as “an open redirect flaw that allows attackers to craft malicious links redirecting users to arbitrary external URLs without their consent.” The impact, the Wiz.io analysis continues, is that the vulnerability “enables attackers to redirect users to malicious external websites without their knowledge or consent,” and “affects users with read-only permissions, potentially exposing them to phishing attacks or other malicious content.”

The Google update also fixes a total of ten Chrome browser security vulnerabilities, including the aforementioned CVE-2025-11756. The remaining nine vulnerabilities are:

  • CVE-2025-11206 Heap buffer overflow in Video.
  • CVE-2025-11205 Heap buffer overflow in WebGPU.
  • CVE-2025-11210 Side-channel information leakage in Tab.
  • CVE-2025-11219 Use after free in V8.
  • CVE-2025-11215 Off by one error in V8.
  • CVE-2025-11207 Side-channel information leakage in Storage.
  • CVE-2025-11208 Inappropriate implementation in Media.
  • CVE-2025-11460 Use after free in Storage.
  • CVE-2025-11458 Heap buffer overflow in Sync.
