Google has released a Stable Channel Update for its Chrome browser, addressing a critical security issue in the widely used V8 JavaScript engine. The update, rolling out to Windows, macOS, and Linux users over the coming days, brings Chrome to version 139.0.7258.138/.139 (Windows and Mac) and 139.0.7258.138 (Linux).
This release includes a single but significant patch:
- CVE-2025-9132: Out of bounds write in V8
Google classified the flaw as high severity, which typically indicates a vulnerability that could be exploited to achieve memory corruption, crashes, or even arbitrary code execution under the right conditions. Out-of-bounds write vulnerabilities occur when software writes data outside the intended memory buffer, potentially allowing attackers to alter program behavior or inject malicious payloads.
The V8 engine powers not only Chrome but also other Chromium-based browsers, meaning the impact of this vulnerability could extend beyond Chrome itself. Attackers often target memory-related bugs in V8 because they can be chained with other flaws to create zero-day exploits.
While there is no evidence yet of CVE-2025-9132 being exploited in the wild, history shows that V8 vulnerabilities are frequently leveraged by advanced threat actors.
As is standard practice, Google is restricting access to technical details about CVE-2025-9132 until a majority of users have received the update. This policy helps minimize the risk of active exploitation by preventing attackers from using newly released details to craft exploits before users apply patches.
Recommended actions:
- Update Chrome immediately to the latest version (139.0.7258.138/.139).
- Restart the browser to ensure patches are applied.
- Organizations using Chromium-based browsers (such as Microsoft Edge, Brave, or Opera) should monitor vendor advisories closely for downstream updates.
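To confirm the update has landed across a fleet, the following added example (not from Google or the original article) flags Chrome installs older than the patched build named above. The inventory format, the hostnames and the choice of .138 as the minimum on every platform are assumptions of this example.

```python
import re

# Patched builds quoted in the article. Windows and Mac are listed as ".138/.139";
# treating .138 as the minimum on every platform is this example's assumption.
PATCHED = {
    "windows": (139, 0, 7258, 138),
    "mac": (139, 0, 7258, 138),
    "linux": (139, 0, 7258, 138),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Return (host, status) pairs: patched, vulnerable, or unknown."""
    findings = []
    for host, platform, reported in inventory:
        version = parse_version(reported)
        minimum = PATCHED.get(platform.lower())
        if version is None or minimum is None:
            status = "unknown"      # unparseable output or unlisted platform
        elif version >= minimum:    # tuple comparison is numeric, field by field
            status = "patched"
        else:
            status = "vulnerable"
        findings.append((host, status))
    return findings


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 139.0.7258.99"),   # "99" > "138" as text, but older
    ("ws-02", "windows", "Google Chrome 139.0.7258.139"),
    ("mac-01", "mac", "Google Chrome 139.0.7258.138"),
    ("lin-01", "linux", "Google Chrome 138.0.7204.100"),
    ("lin-02", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Collect the version string from the running browser after a restart, in line with the second step above.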