Google has quickly addressed a serious security flaw in its Chrome browser, releasing updates for Windows, macOS, and Linux platforms. The fixed versions are 139.0.7258.154/155 for Windows and macOS and 139.0.7258.154 for Linux, with Chrome for Android 139.0.7258.158 receiving the same patch. Google reports that the flaw has not yet been exploited, but urges users to update immediately. Other Chromium-based browser developers, such as Microsoft Edge, Brave, and Vivaldi, are expected to follow suit with their own patches in the near future.
The vulnerability, CVE-2025-9478, is classified as critical and affects the Angle graphics library, creating a use-after-free scenario that could be exploited to execute arbitrary code. Notably, the discovery came from Google Big Sleep, an AI system built on the Gemini framework, designed to autonomously scan for vulnerabilities. While AI-driven security tools are still treated with caution and verified by human experts, Big Sleep has proven capable of accurately identifying critical issues, underscoring the potential for AI-assisted cybersecurity in modern software.
This latest patch follows a similar update last week, also prompted by Big Sleep, signaling a growing reliance on AI in identifying and mitigating risks in browser code. As AI-generated programs become more prevalent, tools like Big Sleep could become essential for preemptive vulnerability detection.
For users, updating Chrome is simple: the browser usually applies updates automatically, but you can trigger a manual update via Help > About Google Chrome. Android users should update to version 139.0.7258.158 to address the same vulnerabilities. Meanwhile, Chrome 140 is expected to release next week, though some users are already receiving early builds.
Other Chromium-based browsers are at varying levels of security readiness. Microsoft Edge and Brave are roughly aligned with last week’s security patches. Vivaldi, using Chromium 138 from the Extended Stable Channel, remains slightly behind. Opera is the most delayed, with its stable release still on Chromium 135 and its beta on Chromium 137. Users of these browsers should stay alert and update as soon as their vendor provides the corresponding security fixes.