If you're one of the estimated 3.45bn people who use Google Chrome — update your web browser immediately.
Engineers at Google have raced to patch a critical flaw discovered in the immensely popular web browser. Classified as a "zero-day vulnerability", which means hackers are actively exploiting the flaw, it's a race against time to ensure enough Google Chrome users download the fix before cybercriminals strike.
The emergency update was released in the hours since Google confirmed ambitions to automatically change bad passwords for all Chrome users, protecting people from so-called credential stuffing attacks online.
The vulnerability, codenamed CVE-2025-5419, allows attackers to execute malicious code on your computer. The high-severity bug affects how Chrome processes code from websites and web applications you visit. In the wrong hands, this flaw in the code could allow hackers to install malware on your laptop or desktop PC.
Clement Lecigne and Benoît Sevens from Google's Threat Analysis Group discovered and reported the flaw on May 27. Out-of-bounds memory access vulnerabilities are particularly dangerous as they enable attackers to read sensitive data from your system or write malicious code directly to memory.
Google responded swiftly to the threat, implementing emergency mitigation measures on May 28 by pushing a configuration change across all Chrome platforms. The company then released Chrome version 137.0.7151.68 for Windows, 137.0.7151.69 for Mac, and 137.0.7151.68 for Linux systems.
Update to these versions, or newer, without delay. This isn't a routine update — it's an urgent security fix to protect your system from ongoing attacks.
If you're unsure whether you're protected, head to Settings > About Chrome, which will automatically download and install the latest version. You'll need to restart Chrome for the update to take full effect.
LATEST DEVELOPMENTS
Google CEO Sundar Pichai on-stage discussing Google Chrome, the world's most popular web browser with over 60% marketshare
GETTY IMAGESSecurity experts are treating this as an urgent priority given the active exploitation. Your normal tabs will reopen after restarting, but incognito tabs won't, so save any important work first.
The update also addresses a second vulnerability, CVE-2025-5068, a use-after-free flaw in Chrome's Blink rendering engine. This medium-severity bug was reported by security researcher Walkman on April 7, 2025 and carries a $1,000 bounty reward. The US government has already mandated all federal employees must update Chrome by Thursday or stop using the browser altogether, following previous attack warnings.
More From GB News
Most Read
