Google released a critical security patch for Chrome on January 16, addressing a zero-day vulnerability that attackers are actively exploiting in the wild. Users running Chrome on Windows, Mac, and Linux need to update immediately.
The vulnerability, tracked as CVE-2025-0090, allows attackers to execute arbitrary code on your computer through a flaw in Chrome's V8 JavaScript engine. Security researchers at Google's Threat Analysis Group confirmed that real attacks using this exploit are already happening. This isn't a theoretical risk.
Updating Chrome is straightforward. On most systems, the browser automatically downloads updates but requires a restart to apply them. Check your version by clicking the three-dot menu, selecting "About Chrome," and letting the browser check for updates. If you see a restart button, click it immediately. On Windows and Mac, you can also force an update by closing Chrome completely and reopening it.
The danger here is direct. Malicious websites or compromised ads could silently install malware, steal passwords, or hijack your banking credentials without any warning. If you use Chrome to access financial accounts, email, or sensitive work files, this patch ranks among the most important security updates you'll receive this year.
Chrome's automatic update system should handle most installations, but verification matters. Visit chrome://version/ and confirm your version number matches Google's latest release. If your number lags behind what Google lists on its security updates page, manually trigger another update cycle.
Users relying on Chromium-based browsers like Edge, Brave, or Opera should also update those applications, as they share the same vulnerable code. Check their individual update settings to confirm you're running the latest version.
Delaying this update increases your risk substantially. Exploit code for this vulnerability is public and easy to deploy. Every day your browser remains unpatched makes you a potential target for financial fraud or data theft.