Google on Tuesday released Chrome 140 to the stable channel with patches for six vulnerabilities, including four reported by external researchers.
The most severe of the bugs is CVE-2025-9864, a high-severity use-after-free issue in the V8 JavaScript engine that was reported by the Yandex Security Team.
According to Google’s advisory, no bug bounty reward will be paid for this security defect, and bug details will be kept restricted until the patches reach most users.
A type of memory corruption flaw, use-after-free vulnerabilities in V8 occur when JavaScript code can access objects after their memory has been deallocated, which can lead to heap corruption.
Attackers can potentially exploit the heap corruption via crafted HTML pages, often for remote code execution (RCE).
The remaining three security defects reported by external researchers are medium-severity inappropriate implementation bugs in Chrome’s Toolbar, Extensions, and Downloads components.
Google says it handed out rewards of $5,000, $4,000, and $1,000 for them, respectively. The Extensions flaw was reported in November 2024.
The latest Chrome iteration is now rolling out as versions 140.0.7339.80/81 for Windows and macOS, and as version 140.0.7339.80 for Linux. The extended stable channel has been updated to Chrome 140.0.7339.81 for both Windows and macOS.
Google makes no mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.