CVE-2025-9478: 
vulnerability analysis and mitigation

A critical use-after-free vulnerability in ANGLE (Almost Native Graphics Layer Engine) was discovered in Google Chrome versions prior to 139.0.7258.154. The vulnerability, tracked as CVE-2025-9478, was discovered on August 11, 2025, by Google's AI-powered vulnerability discovery agent named Big Sleep. This security flaw affects Chrome browsers across Windows, Mac, and Linux operating systems (Chrome Release, Security Online).

The vulnerability is classified as a use-after-free flaw in ANGLE, which is the graphics engine responsible for WebGL and other rendering tasks in Chrome. The issue received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is categorized under CWE-416 (Use After Free) (NVD Database).

The vulnerability in ANGLE could potentially allow attackers to achieve remote code execution through malicious web content, potentially leading to system compromise. Given ANGLE's central role in Chrome's graphics rendering across multiple platforms, the impact of this vulnerability is particularly severe (Security Online).

Google has released version 139.0.7258.154/.155 for Windows and Mac, and version 139.0.7258.154 for Linux to address this vulnerability. Users are strongly advised to update their Chrome browsers to these versions or later. The update is being rolled out over several days/weeks to ensure a smooth transition (Chrome Release).

This vulnerability has gained significant attention as it marks another successful discovery by Google's AI agent Big Sleep, which was first announced in 2024. The AI agent's ability to identify critical security flaws demonstrates the growing role of artificial intelligence in cybersecurity research and vulnerability discovery (Security Online).