Google Chrome 140 Fixes Critical Remote Code Execution Vulnerability by Husain Parvez
Husain Parvez, Writer

Published on: September 11, 2025
Google has released Chrome 140 to the stable channel, delivering updates across Windows, Mac, Linux, Android, and iOS. The rollout began on September 2, 2025, with desktop builds identified as 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, while the Extended Stable channel received 140.0.7339.81.

The headline change is a critical patch for six security flaws, including CVE-2025-9864, a high-severity “use-after-free” bug in Chrome’s V8 JavaScript engine. Google described the flaw as “a use after free in V8,” which can occur “when a program continues to use a pointer after the memory it points to has been deallocated.” If exploited, the issue could let attackers craft a malicious web page that triggers remote code execution.

The bug was reported on July 28, 2025, by Pavel Kuzmin of the Yandex Security Team, whom Google credited in its advisory.

Three medium-severity vulnerabilities were also patched: CVE-2025-9865 in the Toolbar, CVE-2025-9866 in Extensions, and CVE-2025-9867 in Downloads. External researchers Khalil Zhani, NDevTK, and Farras Givari reported these flaws, receiving bug bounty rewards of $5,000, $4,000, and $1,000, respectively. Google confirmed that “six security bugs were fixed, three of which were contributed by external researchers,” bringing total payouts for this round to $10,000.

Beyond external contributions, Chrome’s internal teams fixed additional issues through automated tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, and fuzzing technologies like libFuzzer and AFL. Google continues to withhold full technical details until most users have updated, a standard practice to prevent attackers from reverse-engineering exploits.
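The two paragraphs above describe the bug class (a pointer dereferenced after the memory it points to has been freed) and the tooling used to catch it (AddressSanitizer). The C listing below is an added illustration, not code from Chrome, V8 or Google's advisory, and says nothing about the actual CVE-2025-9864 defect. All names in it (session_t, session_new, session_release, session_name_len, demo_hardened_lifetime) are hypothetical. It places the buggy shape of a use-after-free next to a hardened ownership pattern in which release clears the only reference and every use checks for NULL; the buggy function is never executed because doing so is undefined behaviour, and it is exactly what `-fsanitize=address` would flag as heap-use-after-free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a heap object whose lifetime is tracked by an
 * owner. All identifiers here are hypothetical, not Chrome/V8 API. */
typedef struct {
    char name[32];
} session_t;

/* Allocates an object and copies a name into it (NULL on allocation failure). */
session_t *session_new(const char *name) {
    session_t *s = malloc(sizeof *s);
    if (!s) return NULL;
    snprintf(s->name, sizeof s->name, "%s", name);
    return s;
}

/* Buggy shape of a use-after-free: the object is freed while the caller
 * still holds the raw pointer and dereferences it afterwards. Shown only to
 * make the pattern visible; it is never called, because executing it is
 * undefined behaviour (AddressSanitizer reports it as heap-use-after-free). */
size_t buggy_len_after_free(session_t *s) {
    free(s);
    return strlen(s->name);   /* dangling read of freed memory */
}

/* Hardened shape: release through the owner's slot so the only reference
 * is cleared at the same time the memory is returned. */
void session_release(session_t **slot) {
    free(*slot);
    *slot = NULL;
}

/* Every use goes through a check: returns the name length, or -1 when the
 * slot has already been released (instead of reading freed memory). */
long session_name_len(const session_t *s) {
    if (s == NULL) return -1;
    return (long)strlen(s->name);
}

/* Drives the hardened path end to end. Returns the post-release result,
 * which is -1 (a detected, handled condition rather than a dangling read);
 * returns -2 if the pre-release length was unexpectedly wrong. */
long demo_hardened_lifetime(void) {
    session_t *s = session_new("renderer");   /* constructed sample object */
    long before = session_name_len(s);        /* 8 */
    session_release(&s);                      /* s is now NULL */
    long after = session_name_len(s);         /* -1, not a dangling read */
    return before == 8 ? after : -2;
}

int main(void) {
    printf("post-release result: %ld\n", demo_hardened_lifetime());
    return 0;
}
```

The design point is that freeing memory and invalidating the last reference to it should be one operation, so that a later use fails a cheap check instead of reading whatever now occupies that address. Building the same file with `clang -fsanitize=address` and calling the buggy function is how the sanitizers named above turn this silent class of bug into a hard failure during testing.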

Users can update manually by going to Chrome’s “About Google Chrome” settings page, which will trigger the automatic download and installation of the latest version. With CVE-2025-9864 carrying a CVSS score of 8.8 and rated high-severity, applying this update promptly is essential to avoid potential exploitation.
