Google has released Chrome 140 to the stable channel for Windows, Mac, and Linux. This update will roll out to users over the coming days and weeks.
The new version, 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, delivers several security fixes and improvements.
A full list of changes is available in the Chromium log. Extended Stable Channel users on Windows and Mac will receive version 140.0.7339.81.
Chrome 140 includes six security fixes, three of which were contributed by external researchers. Google assigns reward amounts for reported issues and lists details of each fix.
Below is a summary of the security fixes, which address remote code execution and related risks.

| CVE | Severity | Reward | Reporter |
| --- | --- | --- | --- |
| CVE-2025-9864 | High | NA | Pavel Kuzmin (Yandex Security Team) |
| CVE-2025-9865 | Medium | $5000 | Khalil Zhani |
| CVE-2025-9866 | Medium | $4000 | NDevTK |
| CVE-2025-9867 | Medium | $1000 | Farras Givari |

The most critical issue, CVE-2025-9864, is a use-after-free vulnerability in Chrome’s V8 JavaScript engine.
This bug could allow attackers to run malicious code remotely, leading to data theft or system compromise. Google thanks Pavel Kuzmin of Yandex Security Team for reporting it on July 28, 2025.
Another notable fix, CVE-2025-9865, addresses an inappropriate implementation in the Toolbar component. Khalil Zhani reported this issue on August 7, 2025, earning a $5000 reward.
The Extensions system faced multiple reports, including CVE-2025-9866, which a researcher known as NDevTK reported on November 16, 2024, for $4000.
Additionally, CVE-2025-9867, involving the Downloads component, was reported by Farras Givari on May 4, 2025, for $1000.
Beyond external contributions, Google’s internal teams continue to improve Chrome’s security through audits, fuzzing, and other initiatives.
One combined internal fix, ID 442611697, addresses various vulnerabilities uncovered by AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL testing tools.
Users are encouraged to update Chrome as soon as the new version appears on their devices. Extended Stable Channel users will see the update under “About Google Chrome.”
Staying current with Chrome updates is the best way to protect against remote code execution and other threats. Make sure your browser is up to date to benefit from the latest security protections and improvements.
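To confirm the update has actually landed across a fleet, the check below flags hosts still running a build older than the fixed release. It is an added example, not part of the original article or Google's release notes; the inventory format, hostnames, sample version strings and function names are assumptions, and the minimum build 140.0.7339.80 is the one named above.

```python
import re

# Minimum fixed build named in the article (Windows/Mac ship as .80 or .81).
FIXED_BUILD = {
    "linux": (140, 0, 7339, 80),
    "windows": (140, 0, 7339, 80),
    "mac": (140, 0, 7339, 80),
}

# Four dot-separated numbers, not embedded in a longer dotted string.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(g) for g in match.groups()) if match else None

def classify(platform, reported):
    """Return 'patched', 'outdated' or 'unknown' for one inventory record."""
    fixed = FIXED_BUILD.get(platform.lower())
    version = parse_version(reported)
    if fixed is None or version is None:
        return "unknown"  # fail closed: record needs manual follow-up
    # Tuples compare numerically per component, so .9 sorts below .80;
    # a plain string comparison would wrongly rank "…7339.9" as newer.
    return "patched" if version >= fixed else "outdated"

def audit(inventory):
    """Map host -> status for every record not confirmed as patched."""
    findings = {}
    for host, platform, reported in inventory:
        status = classify(platform, reported)
        if status != "patched":
            findings[host] = status
    return findings

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = [
    ("build-01", "linux", "Google Chrome 140.0.7339.80"),
    ("desk-17", "windows", "140.0.7339.81"),
    ("desk-22", "windows", "139.0.7000.100"),
    ("lab-03", "mac", "140.0.7339.9"),
    ("kiosk-9", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Records that cannot be parsed are reported as unknown rather than silently treated as patched.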