Google has released Chrome 138, now rolling out as version 138.0.7204.49 for Linux and 138.0.7204.49/50 for Windows and macOS, bringing important security and feature updates to users. Chrome 138 addresses 11 security vulnerabilities, including several discovered and reported by external security researchers.
Security Fixes
The most notable fixes include:
• CVE-2025-6555 (Medium Severity): Use-after-free vulnerability in the Animation component, which earned a $4,000 bug bounty.
• CVE-2025-6556 (Low Severity): Insufficient policy enforcement in the Loader component.
• CVE-2025-6557 (Low Severity): Insufficient data validation in DevTools, with a $1,000 reward for the reporter.
The remaining vulnerabilities are not detailed publicly at this time, as Google typically withholds full details until a majority of users have updated, to prevent exploitation. There is no indication that any of these vulnerabilities have been exploited in the wild, but users are strongly encouraged to update their browsers promptly.
Additional Release Highlights
Beyond security, Chrome 138 introduces several new features and improvements:
New Translator, Language Detector, and Summarizer APIs allow web applications to perform AI-powered tasks—such as translating, summarizing, or detecting the language of text—directly in the browser using models like Gemini Nano.
New CSS functions and the Viewport Segments API for better support of foldable devices. The release also integrates general improvements for a smoother browsing experience.
Update Availability
The update is rolling out now and will reach users over the coming days and weeks via the stable channel. Extended stable channel users on Windows and Mac will also receive the update as version 138.0.7204.50.
