If you’re among the 3.5 billion people worldwide using Google Chrome on Windows, Mac, Linux, or Android, it’s crucial to update your browser immediately. Google has issued another emergency security patch—its second within a week—to address a serious vulnerability that exposes users to potential remote code execution (RCE) attacks.
The newly identified flaw, tracked as CVE-2025-12036, affects Chrome’s V8 JavaScript engine, a core component responsible for running JavaScript code inside the browser. The issue allows cyber attackers to execute harmful code on a user’s system simply by luring them to a compromised or malicious website—no clicks or downloads are necessary beyond visiting the page.
According to Srinivas Sista from the Chrome security team, the bug was discovered by Google’s AI-powered Big Sleep tool, designed to proactively detect hidden vulnerabilities in Chrome’s codebase. To prevent exploitation, Google has restricted specific technical details about the flaw until a majority of users receive the update.
The patch is currently being rolled out globally across all major platforms. Chrome users should ensure their browser is updated to the following versions:
- Windows and Mac: 141.0.7390.122 or .123
- Linux: 141.0.7390.122
- Android: 141.0.7390.122
While Chrome typically updates automatically, users are advised to check manually by going to the browser’s settings menu → Help → About Google Chrome. This will trigger Chrome to verify and install any pending updates instantly.
Cybersecurity experts have warned that such zero-day vulnerabilities are increasingly being exploited by hackers to compromise devices. Therefore, staying updated remains the simplest yet most effective defense against potential threats.
With this emergency patch, Google continues its proactive approach to safeguarding user security in one of the world’s most widely used browsers.
