Google has released an important security update for Chrome that patches three newly discovered vulnerabilities, including two high-severity issues reported by external researchers. These flaws affect Chrome on Windows, macOS, and Linux. If you use Chrome, you should update your browser right now.
The first bug, CVE-2025-6191, was found in Chrome’s V8 JavaScript engine. It is an integer overflow issue. If exploited, it could allow attackers to execute malicious code. Google awarded $7,000 to the researcher who reported it.
The second issue, CVE-2025-6192, was found in Chrome’s Profiler component. This is a use-after-free vulnerability. This type of flaw happens when a program continues to use memory after it has been freed. Google paid $4,000 to the person who discovered it.
Google did not share details about the third vulnerability, which was internally found. It is common for Google to hold back technical information on bugs to prevent exploitation before users update.
These issues have been fixed in Chrome version 137.0.7151.119/.120 for Windows and macOS, and in 137.0.7151.119 for Linux.
Google has not said whether these specific bugs have been used in real-world attacks. But it is important to note that recent Chrome vulnerabilities have been exploited by hackers, so you should update Chrome to the latest version as soon as possible.
To check for updates, click the three-dot menu in Chrome and go to Help > About Google Chrome. Chrome will automatically check for updates and install them.
