Update Chrome right now to avoid these 5 newly discovered vulnerabilities

Google has issued an urgent security update for Chrome users worldwide, warning of five newly discovered vulnerabilities—three rated high-severity and two medium-severity—that could allow attackers to hijack devices, steal sensitive data, or execute malicious code. The advisory comes alongside a “high-risk” warning from India’s Computer Emergency Response Team (CERT-In), urging billions of users to act immediately to safeguard their systems.

These are the vulnerabilities that can affect you right now

The latest Chrome security flaws include:

1. CVE-2025-1920 and CVE-2025-2135: Type confusion bugs in Chrome’s V8 JavaScript engine, which could enable arbitrary code execution.
2. CVE-2025-2136: A use-after-free flaw in Chrome’s inspector component, risking memory corruption.
3. CVE-2025-2137: An out-of-bounds memory read issue in V8, potentially leaking sensitive data.
4. An unpatched GPU-related vulnerability involving out-of-bounds memory writes.

CERT-In emphasized that such vulnerabilities could allow attackers to bypass security protocols, access passwords, banking details, and personal data, or install malware through compromised websites.

While Google has rolled out fixes for desktop users (Chrome 134.0.6998.88/.89 for Windows/Mac and 134.0.6998.88 for Linux), merely updating isn’t enough. Restarting the browser is essential to activate the patch. Here’s what cybersecurity expert Davey Winder said:

Automated updates are meaningless if users delay restarting Chrome. Attackers exploit this window of vulnerability aggressively.

Key recommendations from CERT-In

CERT-In’s advisory aligns with Google’s urgency, advising users to:

1. Update Chrome immediately to the latest version (check via Help > About Google Chrome).
2. Restart the browser to apply the update—saved tabs will reload automatically.
3. Enable automatic updates to prevent future risks.
4. Avoid suspicious browser extensions and websites.
5. Use strong, unique passwords and antivirus software.

Google’s phased rollout means updates may take days to reach all users. However, with exploit code for V8 and GPU flaws likely already circulating, delaying action increases exposure to phishing, financial fraud, and system takeovers. CERT-In specifically flagged risks for users on pre-130.0.6723.69 versions, though newer builds are also affected.

Additionally, you can try one of these super secure combos we’ve researched to keep your PC and data safe.

With cybercriminals increasingly targeting browser vulnerabilities, proactive measures are critical. Chrome users must prioritize this update-restart cycle to mitigate what CERT-In calls a “severe and imminent” threat. Stay vigilant, and ensure your browser—and habits—stay secure.