
Google has officially released Chrome 140 to the stable channel, initiating a rollout across multiple platforms including Windows, Mac, Linux, Android, and iOS.
Security Enhancements
This update introduces several stability and performance improvements, prominently featuring a critical security patch that addresses six vulnerabilities. Among these, a high-severity flaw has been identified, which could allow for remote code execution.
Users are advised to update their browsers promptly to mitigate potential risks.
Version Details
The desktop version is designated as build 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac. The Extended Stable channel also receives an update with build 140.0.7339.81.
For mobile users, the update is available with version 140.0.7339.35 on Android and 140.0.7339.95 on iOS. Due to the severity of the vulnerabilities addressed, it is recommended that users manually check for updates as the rollout progresses over the coming days and weeks.
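A fleet check built from the build numbers above, as an added example that is not from Google's advisory or the original article: it compares each installed version against the fixed build for its platform, component by component rather than as text. The inventory rows and hostnames are constructed, and the Extended Stable build is not modelled.

```python
import re

# Minimum fixed build per platform, as listed in the article above.
FIXED_BUILDS = {
    "linux": "140.0.7339.80",
    "windows": "140.0.7339.80",
    "mac": "140.0.7339.80",
    "android": "140.0.7339.35",
    "ios": "140.0.7339.95",
}
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(platform, version):
    """Return 'patched', 'needs-update', or 'unknown' for one install."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # unlisted platform or unparseable version string
    # Tuple comparison: 140.0.7339.9 sorts below 140.0.7339.80, unlike text.
    return "patched" if installed >= parse_version(fixed) else "needs-update"

def audit(inventory_text):
    """Classify each 'host,platform,version' row of an inventory export."""
    results = []
    for line in inventory_text.strip().splitlines():
        fields = [field.strip() for field in line.split(",")]
        if len(fields) != 3:
            results.append((line.strip(), "unknown"))
            continue
        host, platform, version = fields
        results.append((host, classify(platform, version)))
    return results

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = """
ws-01,Windows,140.0.7339.81
build-07,Linux,140.0.7339.9
phone-12,Android,140.0.7339.35
tablet-03,iOS,140.0.7339.80
kiosk-02,Linux,not-installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual look, since the check cannot tell whether Chrome is absent or the version field is malformed.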
Critical Vulnerability Information
The most significant issue resolved is a high-severity vulnerability tracked as CVE-2025-9864. This “use after free” flaw exists in V8, the JavaScript and WebAssembly engine that powers Chrome. Such vulnerabilities occur when a program continues to use a pointer after the memory it points to has been deallocated, potentially leading to serious security risks.
This vulnerability was reported by Pavel Kuzmin of the Yandex Security Team on July 28, 2025. In addition to the V8 flaw, Google has addressed several medium-severity issues reported by external researchers, including:
- CVE-2025-9865: Inappropriate implementation in the Toolbar.
- CVE-2025-9866: Inappropriate implementation in Extensions.
- CVE-2025-9867: Inappropriate implementation in Downloads.
Google awarded a total of $10,000 to the external researchers who identified these vulnerabilities, as detailed in the advisory.
Internal Security Measures
Beyond contributions from external researchers, this release includes additional security enhancements stemming from Google’s own internal security efforts. The company credits its rigorous internal auditing processes and advanced testing tools for identifying many issues before they reach the stable channel.
Google employs automated tools such as AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer, along with fuzzing technologies like libFuzzer and AFL, to proactively detect and neutralize memory corruption and other security vulnerabilities.
As Chrome 140 is rolled out globally, Google is temporarily restricting access to specific bug details and links to prevent threat actors from exploiting these vulnerabilities before a majority of users have updated. Users can ensure protection by accessing Chrome’s “About Google Chrome” settings, which will automatically download and install the latest version.