Security Advisory: A critical use-after-free vulnerability has been identified in the ANGLE graphics library used by Google Chrome which enables applications designed for OpenGL ES (OpenGL used on mobile and embedded devices) or WebGL (a web-based 3D graphics API) to run on platforms that primarily use other graphics APIs, such as DirectX on Windows or Vulkan on Android.

OEM	Google Chrome
Severity	High
CVSS Score	8.8
CVEs	CVE-2025-9478
POC Available	No
Actively Exploited	No
Exploited in Wild	No
Advisory Version	1.0

Overview 

This vulnerability could allow attackers to take control of your device simply by visiting a harmful website using HTML or WebGL which is just opening the wrong page could let hackers run their own code on our system. 

Google has already fixed this problem in the latest Chrome update (version 139.0.7258.154/.155 for Windows & macOS and 139.0.7258.154 for Linux). Users and administrators are strongly advised to apply the latest updates immediately. 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
​ Use-After-Free Vulnerability in ANGLE	CVE-2025- 9478	Google Chrome	High	v139.0.7258.154/.155 (Win/Mac), v139.0.7258.154 (Linux)

Technical Summary 

This security issue happens when Chrome accidentally reuses computer memory that should no longer be in use. This is exploited by the attacker, if we visit a harmful website designed by cybercriminals, it can secretly run special graphics commands (through WebGL or Canvas). This could corrupt our system’s memory, crash our browser, or allow hackers to run their own code on our device remotely. 

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025- 9478	Chrome < 139.0.7258.154	A Vulnerability in Chrome’s graphics engine lets attackers reuse cleared memory through specially designed HTML/WebGL input.	Remote code execution,   Data theft

Remediation: 

• Update to Chrome latest versions 139.0.7258.154/.155 on Windows/macOS or 139.0.7258.154 on Linux or the later one. 

Here are some recommendations below 

• Keep monitoring the logs for suspicious activities unusual WebGL or graphics API call. 

• Conduct user awareness training to educate users about the risks of malicious websites, avoiding unknown links. 

Conclusion: 
This is a high-severity Chrome vulnerability that could allow remote code execution via malicious WebGL content. Although not yet exploited in the wild but immediate patching is essential. Users should update Chrome, monitor unusual graphics activity and stay informed about malicious website risks to ensure strong browser security. 

References: 

• https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_26.html 

• https://gbhackers.com/critical-chrome-use-after-free-flaw/