Update now warning for billions of Chrome users.
Google has issued an emergency update for Chrome users, after its own Threat Analysis Group discovered and reported an actively exploited vulnerability last week. When a single security fix is rolled out this quickly, it’s critical to update immediately.
Google warns it is “aware that an exploit for CVE-2025-6554 exists in the wild,” and that “access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The high-severity vulnerability is a “Type Confusion in V8,” Google’s Javascript engine, which could allow hackers to remotely execute code on devices. This issue was mitigated “by a configuration change pushed out to Stable channel across all platforms.”
That config change took place a week ago and has been followed by this urgent software update. As usual, it will download to your device. You then need to restart your browser to ensure it installs. All your regular browsing tabs should be restored, but your Incognito private browsing tabs will not, so save any work before you exit Chrome.
Attacks exploiting CVE-2025-6554 will come by way of specially crafted HTML pages, and as usual while the assumption is this is very specifically targeted for now, once a vulnerability is in the public domain that can change quickly.
Chrome is essentially the default browser on Windows, despite Microsoft’s efforts to push Edge more widely. As such, this is primarily a Windows threat. That said, whatever device you’re using to run Chrome should be updated today.
We saw something similar last month — with another emergency update — which should frame the urgency. The latest update for Windows/ Mac is 138.0.7204.96/.97. We can expect this to prompt a U.S. government update mandate and deadline.