Google has rolled out Chrome version 140 to the stable channel, addressing six security vulnerabilities. Four of these issues were reported by external researchers.
The most critical flaw is identified as CVE-2025-9864, a high-severity use-after-free bug in the V8 JavaScript engine. It was discovered by the Yandex Security Team. Google stated that no bug bounty will be awarded for this particular issue, and technical details will remain confidential until the update reaches the majority of users.
Use-after-free bugs are a form of memory corruption that occur when JavaScript code accesses objects after their memory has been released. This can result in heap corruption, which attackers may exploit through specially crafted HTML pages to achieve remote code execution.
The other three vulnerabilities reported externally are medium-severity bugs related to Chrome’s Toolbar, Extensions, and Downloads features. Google awarded $5,000, $4,000, and $1,000 for these findings, respectively. The Extensions issue was originally reported in November 2024.
Chrome 140 is now available as version 140.0.7339.80/81 for Windows and macOS, and version 140.0.7339.80 for Linux. The extended stable channel has also been updated to version 140.0.7339.81 for Windows and macOS.
Although Google has not indicated that any of these vulnerabilities have been exploited in the wild, users are strongly encouraged to update their browsers promptly to stay protected.
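For defenders checking a fleet against the fixed builds listed above, here is an added example (not from Google or the article's author) that classifies inventory rows by platform and channel. The inventory rows and host names are constructed, and treating the .81 build as the minimum for extended stable is an assumption based on the version the article names for that channel.

```python
# Added example: audit a browser inventory against the Chrome 140 builds
# named in the article. Inventory rows below are constructed sample data.
import re

# Minimum fixed build per (platform, channel), taken from the article.
# Assumption: extended-stable hosts are expected at the .81 build it names.
FIXED = {
    ("windows", "stable"): (140, 0, 7339, 80),
    ("macos", "stable"): (140, 0, 7339, 80),
    ("linux", "stable"): (140, 0, 7339, 80),
    ("windows", "extended"): (140, 0, 7339, 81),
    ("macos", "extended"): (140, 0, 7339, 81),
}

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if not a four-part version."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(platform, channel, version):
    """Return 'patched', 'outdated', or 'unknown' for one inventory row."""
    minimum = FIXED.get((platform.lower(), channel.lower()))
    parsed = parse_version(version)
    if minimum is None or parsed is None:
        return "unknown"  # unlisted platform/channel or malformed version
    # Compare numerically: as strings, "…7339.9" would sort above "…7339.80".
    return "patched" if parsed >= minimum else "outdated"


def audit(rows):
    """Map host -> status for (host, platform, channel, version) rows."""
    return {host: classify(p, c, v) for host, p, c, v in rows}


SAMPLE = [  # constructed inventory
    ("ws-01", "Windows", "stable", "140.0.7339.81"),
    ("ws-02", "Windows", "stable", "139.0.0.0"),
    ("mac-01", "macOS", "extended", "140.0.7339.80"),
    ("lin-01", "Linux", "stable", "140.0.7339.9"),
    ("lin-02", "Linux", "stable", "140.0.7339.80 beta"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown` need manual review rather than being assumed patched.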