Zero‑Day in Chrome Being Actively Exploited for Remote Code Execution

Google has rolled out Chrome 138 Stable Channel updates for all desktop platforms:

  • Windows: 138.0.7204.96/.97
  • macOS: 138.0.7204.92/.93
  • Linux: 138.0.7204.96

The update, released June 30, 2025, features incremental security patches and stability improvements. Users will receive updates automatically through Chrome’s built-in updater over the coming weeks. The release follows Google’s standard staged rollout strategy to monitor deployment stability before full distribution.

Critical Zero-Day Vulnerability Mitigated

This update includes an emergency patch for CVE-2025-6554, a high-severity type confusion vulnerability in Chrome’s V8 JavaScript engine.

Discovered by Google’s Threat Analysis Group (TAG) researcher Clément Lecigne on June 25, the exploit was actively weaponized in the wild before mitigation.

Google implemented a server-side configuration change on June 26 to temporarily block attacks while the binary patch was finalized.

Technical analysis confirms the flaw allowed arbitrary code execution through malicious JavaScript type manipulations.

Chrome’s Control Flow Integrity (CFI) and AddressSanitizer security layers helped detect the exploit during internal fuzzing audits.

The patch modifies V8’s heap management and type validation routines to eliminate the memory corruption vector.

Enhanced Security Protocols and User Guidance

Google confirmed this marks the seventh zero-day patched in Chrome this year. The update demonstrates enhanced exploit response protocols, including:

  1. Restricted CVE details until a majority of users have updated
  2. Cross-platform mitigation within 24 hours of confirmation
  3. Coordination with third-party libraries (e.g., Chromium dependencies)

Users should verify their Chrome version via chrome://settings/help and apply updates immediately.

Enterprise administrators can enforce updates through Group Policy (GPO) or Chrome Enterprise policies.
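For administrators checking many machines at once, the following added example (not from Google or the original article) compares an inventory export against the fixed builds listed above. It assumes a `host,platform,version` CSV layout and treats any build at or above the lowest listed build for a platform as patched; the hosts and the `audit` and `classify` helpers are hypothetical.

```python
import csv
import io
import re

# Lowest fixed build per platform, taken from the version list in this article.
# Assumption: any build at or above this one carries the fix.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "macos": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from free text; None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'patched', 'outdated', or 'unknown' for one host."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unreadable entry as safe
    # Tuple comparison is numeric, so 7204.100 correctly sorts above 7204.96.
    return "patched" if version >= fixed else "outdated"

def audit(inventory_csv):
    """Map host -> status for a 'host,platform,version' CSV export."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["version"]) for r in rows}

# Constructed sample inventory (hypothetical hosts and builds), not real data.
SAMPLE = """host,platform,version
ws-01,Windows,138.0.7204.97
ws-02,Windows,138.0.7204.50
mac-01,macOS,Google Chrome 138.0.7204.92
mac-02,macOS,137.0.7000.10
lnx-01,Linux,Google Chrome 138.0.7204.100
lnx-02,Linux,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check rather than being counted as updated.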

Security researchers are encouraged to report vulnerabilities via Chromium’s bug tracker using libFuzzer test cases.

Google maintains its $30,000 reward for qualifying V8 vulnerability reports through the Chrome Vulnerability Reward Program (VRP).


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
