Google Issues Second Emergency Chrome Update in a Week to Patch Critical Security Flaw

By Tanveer Ahmed

If you’re among the 3.5 billion people worldwide who use Google Chrome on Windows, Mac, Linux, or Android, you’ll want to update your browser immediately. Google has released its second emergency security patch in just seven days, addressing another high-severity vulnerability that could allow hackers to remotely take control of affected systems.

The flaw, identified as CVE-2025-12036, exists in Chrome’s V8 JavaScript engine, which is responsible for executing JavaScript code within the browser. According to Google’s security advisory, the vulnerability could enable remote code execution (RCE) — meaning an attacker could run arbitrary code on a victim’s device simply by luring them to a malicious or compromised website. No additional interaction is required from the user.

Srinivas Sista, a member of Google’s Chrome security team, confirmed that the issue was discovered through Google’s AI-powered “Big Sleep” threat detection system, a relatively new tool designed to identify zero-day exploits before they can be widely abused.

“We’re aware that an exploit for CVE-2025-12036 exists in the wild,” Sista said in a statement. “We urge all users to update Chrome as soon as possible.”

Google has not yet disclosed technical details about the bug or the exploit, following its usual policy of restricting information until the majority of users have received the update. This approach helps prevent malicious actors from replicating or weaponizing the vulnerability before systems are patched.

The update is currently being rolled out to all supported platforms, including Chrome version 130.0.6723.101 for desktop users and Android version 130.0.6723.89. Users can manually check for the update by navigating to:

Menu → Help → About Google Chrome

Once the update installs, Chrome will automatically restart to apply the fix.
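For anyone checking many machines rather than one About page, the sketch below compares reported Chrome versions against the fixed builds named above, using integer tuples because plain string comparison ranks 130.0.6723.101 below 130.0.6723.89. It is an added example, not code from Google or from this article; the platform labels, hostnames and inventory records are constructed for illustration.

```python
import re

# Fixed builds as stated in the article; the platform keys are this example's own labels.
PATCHED = {"desktop": "130.0.6723.101", "android": "130.0.6723.89"}

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a four-part Chrome version as a tuple of ints, or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(platform, installed):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory record."""
    baseline = PATCHED.get(platform)
    have = parse_version(installed)
    if baseline is None or have is None:
        return "unknown"  # never count unparsable data as patched
    # Tuple comparison is numeric per component: (.., 89) < (.., 101).
    return "patched" if have >= parse_version(baseline) else "needs_update"


def audit(records):
    """Group hostnames by status from (host, platform, version) records."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for host, platform, version in records:
        report[classify(platform, version)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "desktop", "130.0.6723.101"),
    ("ws-002", "desktop", "130.0.6723.89"),  # Android's fixed build, below desktop's
    ("ws-003", "desktop", "131.0.0.0"),
    ("ph-001", "android", "130.0.6723.89"),
    ("ph-002", "android", "130.0.6723.9"),
    ("ws-004", "desktop", "not-reported"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts in the `unknown` bucket need a manual check through Menu → Help → About Google Chrome.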

This marks the second zero-day fix in a week, underscoring growing cybersecurity challenges facing browsers that rely on complex JavaScript engines. Earlier, Google patched a similar flaw affecting the same V8 engine that was actively exploited in the wild.

Cybersecurity experts warn that because Chrome is the world’s most widely used browser, vulnerabilities like this are prime targets for attackers. They recommend enabling automatic updates and keeping the browser regularly patched to minimize risks.

“When you have a browser installed on billions of devices, every flaw is a potential doorway for attackers,” said a senior cybersecurity analyst at ThreatView Labs. “Google’s quick response shows how critical these updates are to user safety.”

As Chrome remains an essential tool for personal and professional use worldwide, experts emphasize that users should update immediately to stay protected against potential exploitation.
