Update Chrome Now—Google Issues ‘Remote Attacker’ Warning
Update now warning for all Chrome users
dpa/picture alliance via Getty Images
Google has issued an emergency update for all desktop Chrome users, warning that a critical vulnerability in its ANGLE graphics engine could enable a “remote attacker” to target users via malicious web pages. This is the second such update in a week.
There has been no confirmation as yet that this has been exploited in the wild, and given it was found by Google’s Big Sleep AI threat hunter, the hope is that CVE-2025-9478 has been stopped before any such exploits are developed.
As ever, a Chrome update with a single security fix should be taken very seriously.
The newly released Chrome version 139.0.7258.154/.155 should download automatically to your PC. You will then need to restart the browser to ensure it installs. Your normal tabs will reopen, albeit your incognito (private browsing) tabs will not — so you need to ensure you save any work before the restart.
Per Cybersecurity News, “successful exploitation would allow attackers to achieve arbitrary code execution with the privileges of the Chrome renderer process, potentially leading to sandbox escape and full system compromise.”
This means that “attackers could leverage drive-by download attacks, malicious advertisements, or compromised websites to deliver exploit payloads targeting this memory corruption flaw.”
Meanwhile, last week’s vulnerability — CVE-2025-9132 — remains a serious threat until it’s patched. As long as you install this latest update, you will address both. Last week’s vulnerability affected Chrome’s V8 Java engine, but the risk is broadly the same.
That both these vulnerabilities were picked up by in-house AI is a promising sign of the leverage of new tools to keep the world’s most popular browser safe. Clearly, you need to do your bit now and ensure you update your own devices.