TLDR: Google’s advanced AI agent, ‘Big Sleep,’ has autonomously discovered a critical use-after-free vulnerability (CVE-2025-9478) in Chrome’s ANGLE graphics engine. This flaw, which could allow remote code execution, has prompted an urgent update for Chrome users. Developed by Google DeepMind and Project Zero, Big Sleep continues to exceed expectations in proactive security research, having identified multiple real-world flaws and even thwarted an in-the-wild exploitation attempt earlier this year.
Google has released an urgent security update for its Chrome browser, addressing a critical use-after-free vulnerability, identified as CVE-2025-9478. What makes this discovery particularly noteworthy is that the flaw was not found by a human researcher, but by ‘Big Sleep,’ Google’s sophisticated AI-powered vulnerability discovery agent. The vulnerability, found on August 11, 2025, resides within ANGLE (Almost Native Graphics Layer Engine), a crucial graphics component in Chrome. A use-after-free bug in this component could enable remote attackers to exploit heap corruption via a specially crafted HTML page, potentially leading to arbitrary code execution and system compromise.
Google has rolled out Chrome version 139.0.7258.154/155 for Windows and Mac users, with the Linux update expected to follow shortly. Details of the bug remain restricted until a majority of users have updated their browsers, to limit the risk of widespread exploitation.
‘Big Sleep,’ developed by Google DeepMind in collaboration with Project Zero, was first announced in 2024 with the mission to proactively discover security flaws before they can be exploited by malicious actors. Since its inception, the AI agent has significantly exceeded expectations, uncovering a total of 20 security vulnerabilities across widely deployed software. Earlier this year, Big Sleep played a pivotal role in thwarting an attempted exploitation of a SQLite vulnerability (CVE-2025-6965) in the wild. Google stated, ‘We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild.’
Sandra Joyce, Vice President at Google Threat Intelligence, commented in July 2025, ‘Since it was introduced last year, it has continued to discover multiple flaws in widely-used software, exceeding our expectations and accelerating AI-powered vulnerability research.’ This latest discovery in Chrome’s ANGLE engine further underscores the immense potential of AI in bolstering cybersecurity defenses, transforming the landscape of vulnerability research by identifying critical issues in foundational software components like FFmpeg, ImageMagick, and now Chrome’s graphics layer.


