Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems.
The stable channel update, version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, was announced on August 12, 2025, and will roll out to users over the coming days and weeks.
The security update represents a significant response to vulnerabilities discovered by both external security researchers and Google’s internal security teams.
Among the most concerning fixes are three high-severity vulnerabilities that pose serious risks to user security and system integrity.
The update addresses critical flaws in core browser components, including the V8 JavaScript engine, graphics processing systems, and media codec libraries.
These vulnerabilities, if exploited, could potentially allow attackers to execute arbitrary code, leading to complete system compromise.
| CVE ID | Severity | Component | Vulnerability Type | Reporter | Report Date |
| CVE-2025-8879 | High | libaom | Heap buffer overflow | Anonymous | 2025-07-15 |
| CVE-2025-8880 | High | V8 | Race condition | Seunghyun Lee (@0x10n) | 2025-07-23 |
| CVE-2025-8901 | High | ANGLE | Out of bounds write | Google Big Sleep | 2025-07-30 |
| CVE-2025-8881 | Medium | File Picker | Inappropriate implementation | Alesandro Ortiz | 2025-07-23 |
| CVE-2025-8882 | Medium | Aura | Use after free | Umar Farooq | 2025-08-01 |
The most critical vulnerability, CVE-2025-8879, involves a heap buffer overflow in libaom, the media codec library used for processing video content.
Heap buffer overflows are particularly dangerous as they can allow attackers to overwrite memory and potentially execute malicious code.
CVE-2025-8880 addresses a race condition in the V8 JavaScript engine, which could be exploited through malicious web content to achieve code execution.
Race conditions occur when multiple processes access shared resources simultaneously, creating opportunities for attackers to manipulate program execution.
The third high-severity flaw, CVE-2025-8901, involves an out-of-bounds write vulnerability in ANGLE, Google’s graphics engine that translates OpenGL calls.
This vulnerability was discovered by Google’s Big Sleep AI system, demonstrating the company’s use of artificial intelligence in security research.
Google’s security team emphasized that access to detailed bug information remains restricted until most users have updated their browsers.
This approach helps prevent malicious actors from exploiting vulnerabilities before patches are widely deployed.
The company continues to rely heavily on automated security testing tools, including AddressSanitizer, MemorySanitizer, and fuzzing technologies to identify potential vulnerabilities before they reach stable releases.
Users are strongly encouraged to update their Chrome browsers immediately to protect against these serious security threats.
AWS Security Services: 10-Point Executive Checklist - Download for Free
Source link
