Google has announced the Chrome 140 stable channel release for Windows, macOS, and Linux. The rollout, with builds 140.0.7339.80 (Linux) and 140.0.7339.80/81 (Windows and Mac), will continue over the coming days and weeks. This update addresses a total of six security vulnerabilities, in addition to performance fixes and stability improvements.
Among the issues patched, the most critical is CVE-2025-9864, a high-severity use-after-free flaw in the V8 JavaScript engine, reported by Pavel Kuzmin of Yandex Security Team. Google notes that this bug could potentially be exploited to execute arbitrary code in the browser, making it a priority concern for all users.
Alongside the V8 fix, Google also addressed several medium-severity vulnerabilities in components such as the Toolbar (CVE-2025-9865), Extensions (CVE-2025-9866), and Downloads (CVE-2025-9867), all reported by external researchers through Chrome’s bug bounty program. Rewards for these reports ranged from $1,000 to $5,000.
In its advisory, Google reminded users: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” The restriction is meant to keep attackers from weaponizing the disclosed flaws before most users have patched.
As always, Chrome updates will roll out automatically, but users are encouraged to manually check for updates to ensure they are running the latest secure version.