Google’s in-house AI agent discovers critical vulnerability in Chrome
Google has fixed a critical vulnerability in Chrome versions 139.0.7258.154/155 for Windows and macOS and 139.0.7258.154 for Linux. According to Google, the vulnerability has not yet been exploited for attacks in the wild. The makers of other Chromium-based browsers are expected to follow suit in the coming days.
In the Chrome Releases blog post, Krishna Govind presents the fixed vulnerability (CVE-2025-9478), which is treated as if it had been discovered by external security researchers, but Google Big Sleep is named as the discoverer of the vulnerability. This is an “AI” tool based on Gemini for detecting security vulnerabilities, and it is designed to detect vulnerabilities on its own without human assistance.
Because the security findings of such “AI” tools should always be treated with caution, they are double-checked by experts. Google does not provide any information on how often Big Sleep makes a misdiagnosis. In this case, however, Big Sleep has clearly not made a mistake, and Google even classifies CVE-2025-9478 (a use-after-free vulnerability in the ANGLE graphics library) as critical.
In the previous security update for Chrome from a week ago, Google also closed a security vulnerability discovered by Big Sleep. Whether such “AI” tools will be needed in the near future to find security vulnerabilities in program code generated by “AI” remains to be seen.
Chrome usually updates itself automatically when a new version is available. You can trigger the update check manually using the menu item Help > About Google Chrome. Google has also provided Chrome for Android 139.0.7258.158. The Android version fixes the same vulnerabilities as the desktop version.
Google plans to release Chrome 140 in the coming week, while a small number of users are already getting a taster this week.
Other Chromium-based browsers
The makers of other Chromium-based browsers are now required to follow suit with updates. Microsoft Edge, Brave, and Vivaldi are currently at last week’s security level. However, Vivaldi does not use Chromium 139, but Chromium 138 from the Extended Stable channel.
Despite the crash fix update on August 25th, Opera is still using the outdated Chromium 135, for which Google has not provided any updates since the end of April. Opera’s next version, which is still equipped with Chromium 137 (from mid-June), is still in the beta test stage and could appear just in time for the release of Chrome 140.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.