Mountain View, CA — Google has released Chrome version 137 to the stable channel for Windows, macOS, and Linux. The update, announced on May 27, 2025, includes major security fixes and introduces a new artificial intelligence system to help defend users from online threats.
Chrome 137.0.7151.55 for Linux and 137.0.7151.55/56 for Windows and Mac addresses 11 vulnerabilities, including several rated high-severity. These flaws were reported by both independent researchers and Google’s internal teams.
Critical Security Vulnerabilities Addressed
Among the most serious issues fixed:
- CVE-2025-5063: A use-after-free bug in Compositing reported by an anonymous researcher.
- CVE-2025-5280: An out-of-bounds write in the V8 JavaScript engine, reported by researcher pwn2car, that could lead to remote code execution.
Google’s bug bounty program rewarded contributors for identifying additional flaws. Highlights include:
- $4,000 to Maurice Dauer for a flaw in the Background Fetch API.
- $2,000 to NDevTK for a vulnerability in the FileSystemAccess API.
- $1,000 to Mohit Raj for messaging-related issues affecting Android users.
- $500 to Khalil Zhani for a tab strip spoofing issue.
Google withholds full technical details of these bugs until most users have installed the update, following responsible disclosure practices.
AI-Powered Threat Detection with Gemini Nano
Chrome 137 introduces the Gemini Nano AI model, which runs entirely on users’ devices to identify and block online scams in real-time. The feature is specifically designed to combat tech support scams that use deceptive techniques like locking the keyboard or mimicking system alerts.
The AI model analyzes webpage content, behavior, and layout to detect suspicious patterns. When a scam is identified, Chrome generates a warning and sends signals to Google’s Safe Browsing service. This is especially helpful in detecting short-lived threats that may only exist online for a few minutes.
Web Platform Enhancements
In addition to security updates, Chrome 137 delivers several important improvements for web developers:
- Support for floating-point color types in canvas rendering, useful for medical imaging and high dynamic range (HDR) content.
- Improved support for SVG
<use>elements referencing external documents. - Introduction of Document-Isolation-Policy, which simplifies achieving cross-origin isolation without complex headers.
- Added support for the Ed25519 digital signature algorithm via the Web Cryptography API.
Impact and Future Direction
With Chrome holding about 65% of the global browser market as of 2024, these updates will benefit billions of users worldwide. The integration of on-device AI marks a significant shift from reactive defenses to proactive threat prevention.
This release reflects Google’s ongoing commitment to enhancing browser security through advanced technology while preserving user privacy. The use of local AI processing ensures that user data remains on the device, setting a new standard in secure, intelligent web browsing.
