Multiple High & Medium Severity Vulnerabilities Patched in Google Chrome – Update Now!

Google released Chrome 140.0.7339.80/81 to the stable channel on September 2, 2025, for Windows, Mac, and Linux. This update addresses six security vulnerabilities, including one high-severity flaw in the V8 JavaScript engine, along with several medium-severity issues in Chrome components such as Toolbar, Extensions, and Downloads.

Severity Level: High

Vulnerability Details

1. CVE-2025-9864: A use-after-free vulnerability in Chrome’s V8 engine could allow attackers to execute arbitrary code by exploiting memory mismanagement when handling crafted JavaScript objects.
2. CVE-2025-9865: An inappropriate implementation in the Toolbar component could enable attackers to manipulate browser UI elements, potentially facilitating phishing or clickjacking attacks.
3. CVE-2025-9866: A flaw in Chrome’s Extensions handling could be exploited to bypass security checks or escalate privileges through malicious or compromised extensions.
4. CVE-2025-9867: Improper implementation in the Downloads component could allow attackers to abuse file handling processes, potentially leading to unauthorized file execution or injection attacks.

Affected Products

• Google Chrome versions prior to 140.0.7339.80/81 for Windows, Mac and Linux

Fixed Versions

• Google Chrome version 140.0.7339.80 for Linux
• Google Chrome version 140.0.7339.80/81 for Windows and Mac

Recommendations

1. Ensure Google Chrome and Chromium based browsers are running latest security updates.
2. Enforce auto-updates for Chrome in enterprise environments.
3. Enable Enhanced Safe Browsing mode for real-time protection.

Source:

• https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html

Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn

No related posts found.