Critical security flaw in Chrome discovered by Google's own AI

[breske]

Just a quick but important heads-up for anyone using Google Chrome
If you're using wallets, trading tools or browsing exchanges via Chrome you're potentially exposed unless you're already updated

recently a zero-day flaw in Chrome’s ANGLE/GPU components, allowing attackers to bypass sandbox protections and potentially execute arbitrary code via malicious WebGL or GPU content
Anyone using the browser should make sure they are using the latest version
Ensure your Chrome browser (or any Chromium-based variant) is updated to at least version




In the version announcement, Google remains famously tight-lipped about the details of the vulnerability. It is a "use after free" bug where the program code accesses resources that have already been released and therefore have undefined content. This bug can be found in the WebGL render backend Angle (CVE-2025-9478 / EUVD-2025-25822, no CVSS yet, but"critical" risk according to Google). The CVE entry at least reveals that attackers from the network can abuse a memory error on the heap, for example with carefully prepared HTML web pages – often succeeding in infiltrating and executing malicious code, which can also be assumed here due to the severity.

The developers have patched the vulnerability in Google Chrome versions 139.0.7258.158 for Android, 139.0.7258.154 for Linux and 139.0.7258.154/.155 for macOS and Windows. The update is now available for download

If you’re using Chrome—or any Chromium-based browser like Edge, Brave, Opera, or Vivaldi—update immediately to the patched versions to protect against these active threats.

Source  https://cybernews.com/security/critical-chrome-flaw-discovered-by-google-ai/
           https://www.heise.de/en/news/Google-Chrome-Update-closes-critical-security-vulnerability-10622372.html

[Euphykorie]

This is really thoughtful though,thanks. Let me go and update my browser now.

One question though, would using a dedicated wallet app ( like trust wallet or hardware wallet) keep us safe even if the browser has such vulnerabilities or would browsing exchanges still put us at risk?

[Patikno]

The developers have patched the vulnerability in Google Chrome versions 139.0.7258.158 for Android, 139.0.7258.154 for Linux and 139.0.7258.154/.155 for macOS and Windows. The update is now available for download

If you’re using Chrome—or any Chromium-based browser like Edge, Brave, Opera, or Vivaldi—update immediately to the patched versions to protect against these active threats.

Source  https://cybernews.com/security/critical-chrome-flaw-discovered-by-google-ai/
           https://www.heise.de/en/news/Google-Chrome-Update-closes-critical-security-vulnerability-10622372.html

Not only is it necessary to update Chrome, but we also need to update our antivirus. If possible, install a reliable antivirus and perform regular scans, especially deep scans, which are useful for checking everything. Some antivirus programs also integrate with browsers, such as Mozilla or Chrome, which is also useful for anticipating attacks on our browsers. So far, those are some of the things I do frequently, so I feel safe until now.

For our information, Google Chrome actually has an Advanced Protection Program (APP) to improve security for its users. Activating it is quite easy, but it seems to require an Android smartphone to use it, CMIIW. So I think it is worth knowing about or even trying this protection, especially for Chrome users. Here is a link you can try: Google - Advanced Protection Program

Here are some explanations regarding the program : Google Blog - Advanced Protection: Google’s Strongest Security for Mobile Devices

[_act_]

Not only is it necessary to update Chrome, but we also need to update our antivirus. If possible, install a reliable antivirus and perform regular scans, especially deep scans, which are useful for checking everything. Some antivirus programs also integrate with browsers, such as Mozilla or Chrome, which is also useful for anticipating attacks on our browsers. So far, those are some of the things I do frequently, so I feel safe until now.

I prefer to learn how to avoid the malware instead which will be very helpful for people than to just download antivirus instead. I am not saying antivirus is not good but it should not be depended on than knowing how malware get into devices and prevent it instead.

It is good to know that I am not using Chrome. It is an anti-privacy browser.

[d5000]

While this was a "whitehat" use of AI to discover a vulnerability, it is actually an excellent example how AI could also be used on "blackhat" attacks on software infrastructure. And this includes cryptocurrencies, as there are lots of possible "entry doors" for malicious activities. Imagine a LLM run by blackhats specialized in vulnerabilities.

I had a discussion about that in the German forum recently about PoS coins. As PoS is not objective, a sequence of vulnerabilities in networking, identity management (via impersonation/identity theft or simple hacking of essential nodes who connect to new network participants), and server infrastructure could lead into disruptions in the validation process. Bitcoin, with its more "objective" PoW mechanism, is less in danger, albeit it's not totally safe -- imagine a coordinated, AI-driven hack of mining pool software.

As AI is basically a very generalist searching solution which can get better (due to machine learning and evolving / improving data sets) on discovering opportunities for attacks, this could indeed drive up the security cost for all software which can be exploited in any way to get financial gains.

[348Judah]

Just a quick but important heads-up for anyone using Google Chrome
If you're using wallets, trading tools or browsing exchanges via Chrome you're potentially exposed unless you're already updated

Attacks are going the more in various ways and they are using the browsers which we common use to set for this attacks, people should be very careful, especially being mindful of the entry routes this could be introduced to their device browser, you can imagine a number that have been affected already, some knowing it and some without having an idea of what its all about, we have to always stay updated for more warnings on such regards, thanks for sharing this OP.

[Majestic-milf]

 Thanks for the update, op. I also make use of Google Chrome and may have overlooked the prompt to update because as far as it can let me do my stuff with it, I don't often update it and i know there's people like me who don't often take updates seriously. 

[avp2306]

Not only is it necessary to update Chrome, but we also need to update our antivirus. If possible, install a reliable antivirus and perform regular scans, especially deep scans, which are useful for checking everything. Some antivirus programs also integrate with browsers, such as Mozilla or Chrome, which is also useful for anticipating attacks on our browsers. So far, those are some of the things I do frequently, so I feel safe until now.

I prefer to learn how to avoid the malware instead which will be very helpful for people than to just download antivirus instead. I am not saying antivirus is not good but it should not be depended on than knowing how malware get into devices and prevent it instead.

It is good to know that I am not using Chrome. It is an anti-privacy browser.

Antivirus is good since this is additional security layer for us. But it would be so good to people to know on how to avoid those malwares since awareness that this situation exist for sure it give them doubt to download suspicious links online.

That's why I never immediately go on what I see everywhere and I go to legitimate sources if I need something online.

I'm using chrome but I'm not worried about those recent security flaws since I don't book mark sites nor save password automatically and don't store any important details on my computer.
'

[cryptoaddictchie]

Thanks for the heads up OP! This is an important reminder. Zero day flaws in Chrome’s GPU/ANGLE components are no joke, especially for anyone using wallets, trading platforms, or handling sensitive data in your computer. Since attackers can exploit this through malicious web content to run arbitrary code, updating to the latest patched version is the safest move. Keeping browsers up to date should always be a priority, but in cases like this it’s absolutely critical so everyone must be aware or else this could lead bad for anyone.

[coyhasmon]

Not only is it necessary to update Chrome, but we also need to update our antivirus. If possible, install a reliable antivirus and perform regular scans, especially deep scans, which are useful for checking everything. Some antivirus programs also integrate with browsers, such as Mozilla or Chrome, which is also useful for anticipating attacks on our browsers. So far, those are some of the things I do frequently, so I feel safe until now.

This advice is outdated, the times of separate AV are gone. Most people are fine with Microsoft Defender. Better yet, just switch to Linux to avoid most malware.

Thanks for the heads up OP! This is an important reminder. Zero day flaws in Chrome’s GPU/ANGLE components are no joke, especially for anyone using wallets, trading platforms, or handling sensitive data in your computer. Since attackers can exploit this through malicious web content to run arbitrary code, updating to the latest patched version is the safest move. Keeping browsers up to date should always be a priority, but in cases like this it’s absolutely critical so everyone must be aware or else this could lead bad for anyone.

A good method for avoiding exploits is to not use the same machine for surfing. If you only access the same links that you need for wallets, trading platforms and such through bookmarks the likelihood that you will get hacked this way drops down significantly. There must exist a big vulnerability such as this one but also at the same there must be a hack on one of the websites that you are using at that time. Very low chance I think.

[Zoomic]

Thanks for the update, op. I also make use of Google Chrome and may have overlooked the prompt to update because as far as it can let me do my stuff with it, I don't often update it and i know there's people like me who don't often take updates seriously. 

I also do not take updates seriously, maybe I am going to update now.
Meanwhile, let me rephrase the topic title for you so that you will get to understand it better.
"Critical security flaw in Google, discovered by Google's AI'
Do you catch the message now...LOL

[EarnOnVictor]

Just a quick but important heads-up for anyone using Google Chrome
If you're using wallets, trading tools or browsing exchanges via Chrome you're potentially exposed unless you're already updated

Thank you for this update. I think Google products are one of the products one should be careful of these days and not link their account by signing in the way Google wants. I could remember always using Google password manager then, and before I knew it, all my passwords were leaked online. Google actually discovered this and prompted me, but that doesn't change the fact that the deed was done.

Fine, what you explained is not intentional, and technical issues/bugs/porous ways could happen, but still, coupled with the fact that Google collects one's data, is it even worth it?

[Lucius]

People, you are on the bitcointalk forum, shouldn't you all have started valuing your privacy a little more a long time ago and stopped using that spying garbage of a browser? If for some reason you don't want to use Tor, then at least try Mozilla Firefox.

Just a quick but important heads-up for anyone using Google Chrome
If you're using wallets, trading tools or browsing exchanges via Chrome you're potentially exposed unless you're already updated
~snip~

Given that this browser is still one of the most popular and widely used, I have no doubt that whoever is behind the attack will be able to achieve good success before most people upgrade their browser.

[JiiBs]

I prefer to learn how to avoid the malware instead which will be very helpful for people than to just download antivirus instead. I am not saying antivirus is not good but it should not be depended on than knowing how malware get into devices and prevent it instead.

It is good to know that I am not using Chrome. It is an anti-privacy browser.

Both photos, because when the did is done, you need a means to resolve it.

Even then, it’s normal to place abstinence over trying to remedy a damage, you would be more safe not having to get in the situation than looking to provide solution. You never can tell what have been acquired at the time and if your solution completely solves the problem.

Still, it’s a good find and this shows how our trusted apps from trusted developers can be buggy, another use of AI.

[coyhasmon]

People, you are on the bitcointalk forum, shouldn't you all have started valuing your privacy a little more a long time ago and stopped using that spying garbage of a browser? If for some reason you don't want to use Tor, then at least try Mozilla Firefox.

A lot, well most people still use Chrome. I don't blame them though. There are instances where websites don't even work with others such as TOR Browser or sometimes even Firefox. The browser monopoly has been a problem for some time. Actually, the whole browser thing needs to be reworked from scratch. There are severe exploits found in all browsers all the time, which indicates that something is fundamentally wrong with this type of setup.