Google has announced an update to the Stable channel of Google Chrome for desktop users and released a fix for high severity remote code execution vulnerability that resides in the v8 engine.
The latest version, 131.0.6778.264/.265, has been rolled out for Windows and macOS, while version 131.0.6778.264 is now available for Linux users.
The update will be gradually deployed over the next few days or weeks. A detailed changelog for this release can be accessed through the official log.
Key Security Improvements
The update includes four critical security fixes, one of which has been highlighted due to its impact and contribution by an external researcher:
- [$55,000 Reward | CVE-2025-0291] High Severity: Type Confusion in V8.
- This vulnerability was reported by security researcher “Popax21” on December 11, 2024.
- Google has acknowledged their work in improving Chrome’s security by awarding the significant bounty.
Google continues to emphasize its commitment to security by employing advanced tools and internal audits to identify and prevent vulnerabilities.
Many of the fixed issues in this release were identified using tools like AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.
In addition to the fixes contributed by external researchers, Google’s internal security team has worked on a variety of updates, as part of their routine audits and fuzzing initiatives.
One specific fix, tracked as [388088544], involved rectifying multiple issues identified through these internal processes.
Reporting Flaw and Community Engagement
Google has stated that full details of specific security vulnerabilities will remain restricted until a significant number of users have installed the update.
This policy also extends to bugs that affect third-party libraries, to prevent risks for other dependent projects that may not yet have implemented fixes.
According to the Security Report, Users encountering issues after the update can report bugs directly to Google or seek assistance through the Chrome community help forum.
Those interested in testing upcoming features can explore switching between Chrome’s release channels via instructions provided by Google.
Google expressed gratitude to the dedicated security researchers who collaborated with the company throughout the development cycle to ensure vulnerabilities are identified and patched before reaching the stable channel.
