IF you use Google’s Chrome browser, stop what you’re doing and check for an update right now.
Google has pushed a fresh security release for Chrome and is urging its billions of users worldwide to install it as soon as possible.
1
The company has confirmed the new Stable Channel build is rolling out across desktop and mobile, with fixes for multiple security issues.
It’s important to note that you are safest after you have updated and restarted your device.
What’s the problem?
Google has flagged a new batch of security flaws, and you should update ASAP.
The most serious is CVE-2025-8901 – a high‑severity bug in ANGLE (the graphics tech Chrome uses).
In plain English, a dodgy, specially crafted web page could poke at your device’s memory where it shouldn’t, which is a big no‑no for security.
Google’s also outlined two medium‑severity issues:
- CVE-2025-8881: an “inappropriate implementation” in the File Picker (the bit that lets you choose files to upload).
- CVE-2025-8882: a “use‑after‑free” bug in Aura (Chrome’s interface layer), which can cause crashes or open the door to further exploits.
The good news is that there’s no evidence these have been used in real‑world attacks.
But some can be triggered remotely by just visiting a malicious page, so don’t sit on it – get the latest Chrome update and restart your browser to lock things down.
Why it matters
Chrome is the most widely used web browser, making it an attractive target for cybercriminals.
The latest update includes security fixes that decrease the risk of exposure to malicious websites and infected downloads.
Google usually withholds technical details until most users have installed the updates to prevent alerting attackers.
This is why it’s important to update your browser promptly.
Google has confirmed the latest Stable Channel release of Chrome (the latest Stable Channel release) with security fixes for Windows, Mac, and Linux, with Android and iOS following.
The company’s advisory amounts to a clear “update now” warning: install the patch and relaunch the browser to be protected.
If you leave it for later, Chrome won’t fully apply fixes until you close and reopen it.
How to update Chrome in 30 seconds
On Windows and Mac
- Open Chrome and click the three dots (top right)
- Go to Help > About Google Chrome
- Chrome will check for updates and download automatically
- Click Relaunch to finish
On Android
- Open Google Play Store
- Tap your profile > Manage apps & device > Updates available
- Find Chrome and tap Update (or search for Chrome and update from the app page)
- Reopen Chrome when it’s done
On iPhone and iPad
- Open the App Store
- Tap Updates (or your profile > Available Updates)
- Update Google Chrome
- Reopen the app
On Chromebook (ChromeOS)
- Click the clock > Settings > About ChromeOS
- Click Check for updates and Restart to update
How to check you’re protected
You don’t need to memorise version numbers. After you’ve updated:
- Go to Help > About Google Chrome on desktop
- If it says “Chrome is up to date” and you’ve relaunched, you’re covered
- On mobile, open Chrome > Settings > About Chrome to confirm the latest build is installed
If your update hasn’t appeared yet, don’t panic. Google staggers rollouts globally.
Try again later today, or grab the latest installer directly from Google’s Chrome site and reinstall over the top on the desktop.
Managed work devices may be controlled by your IT team, so check with them if updates are blocked.
Frequently asked questions
Does Incognito keep me safe from exploits? No. Incognito stops Chrome from saving your browsing history locally. It doesn’t shield you from security flaws. You still need updates.
Do I need to reinstall Chrome every time there’s an update? No. Chrome updates itself; you just need to relaunch. Only reinstall if the updater is broken or your install is corrupted.
Will I lose my tabs when I relaunch? Enable ‘Continue where you left off’ to restore tabs after a relaunch.
Is this the same as ETAs/patches I see for Android apps? Separate but similar idea. Chrome on Android updates via Google Play like any app. Desktop Chrome has its own updater.
What Google hasn’t said (yet) – and why
You’ll see Google acknowledge “security fixes” without always listing every vulnerability immediately.
That’s deliberate. By holding back technical specifics for a short window, they make it harder for bad actors to reverse‑engineer the flaw while users are still patching.
The takeaway for you is simple: the earlier you update, the better.
Why attackers love browsers
Your browser sits between you and the internet. If crooks can trick it, they can:
- Redirect you to fake banking or shopping pages
- Run code on your device via malicious websites
- Plant spyware through drive‑by downloads
- Steal saved passwords and cookies to hijack accounts
That’s why Google pushes security releases frequently – small, regular patches that keep the bad guys on the back foot.
Signs you might have been hit – and what to do
Most modern attacks aim to be invisible, but watch for:
- New toolbars or extensions you don’t recognise
- The home page or the search engine suddenly changed
- Pop‑ups and redirects on legit sites
- Unfamiliar logins or security alerts from your accounts
If you spot any of the above:
- Update Chrome immediately and relaunch
- Remove shady extensions in Extensions > Manage extensions
- Run a reputable antivirus/malware scan
- Change passwords for key accounts (email, banking) and turn on two‑factor authentication
