Google released Chrome 140.0.7339.80/81 to the stable channel on September 2, 2025, for Windows, Mac, and Linux. This update addresses six security vulnerabilities, including one high-severity flaw in the V8 JavaScript engine, along with several medium-severity issues in Chrome components such as Toolbar, Extensions, and Downloads.
Severity Level: High
Vulnerability Details
- CVE-2025-9864: A use-after-free vulnerability in Chrome’s V8 engine could allow attackers to execute arbitrary code by exploiting memory mismanagement when handling crafted JavaScript objects.
- CVE-2025-9865: An inappropriate implementation in the Toolbar component could enable attackers to manipulate browser UI elements, potentially facilitating phishing or clickjacking attacks.
- CVE-2025-9866: A flaw in Chrome’s Extensions handling could be exploited to bypass security checks or escalate privileges through malicious or compromised extensions.
- CVE-2025-9867: Improper implementation in the Downloads component could allow attackers to abuse file handling processes, potentially leading to unauthorized file execution or injection attacks.
Affected Products
- Google Chrome versions prior to 140.0.7339.80/81 for Windows, Mac and Linux
Fixed Versions
- Google Chrome version 140.0.7339.80 for Linux
- Google Chrome version 140.0.7339.80/81 for Windows and Mac
Recommendations
- Ensure Google Chrome and Chromium-based browsers are running the latest security updates.
- Enforce auto-updates for Chrome in enterprise environments.
- Enable Enhanced Safe Browsing mode for real-time protection.
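To act on the first recommendation, the fixed versions listed above can be checked against a browser inventory. The following is an added example, not part of the original advisory or Google's tooling; the CSV layout, hostnames and sample version strings are constructed, and browsers other than Google Chrome are sent for manual review because this advisory gives no fixed build for them.

```python
import csv
import io

# Fixed builds as listed in this advisory; 140.0.7339.80 is the lowest on every platform.
FIXED = {"linux": (140, 0, 7339, 80), "windows": (140, 0, 7339, 80), "mac": (140, 0, 7339, 80)}

# Constructed sample inventory (hosts and version strings are made up for illustration).
SAMPLE_INVENTORY = """host,os,browser,version
ws-001,windows,Google Chrome,140.0.7339.81
ws-002,windows,Google Chrome,139.0.7258.155
lx-010,linux,Google Chrome,140.0.7339.80
mb-020,mac,Google Chrome,140.0.7339
ws-003,windows,Microsoft Edge,139.0.3405.125
lx-011,linux,Google Chrome,
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a full a.b.c.d version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(os_name, browser, version):
    """Classify one inventory row as 'patched', 'outdated', or 'review'."""
    if browser.strip().lower() != "google chrome":
        return "review"  # other Chromium-based browsers: fixed build not given in this advisory
    fixed = FIXED.get(os_name.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "review"  # unknown platform or unparseable version: never assume patched
    # Tuple comparison orders versions numerically, so .9 sorts below .80.
    return "patched" if parsed >= fixed else "outdated"

def audit(inventory_csv):
    """Map each host in the CSV inventory to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["os"], r["browser"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked `review` have a truncated or missing version, an unlisted platform, or a non-Chrome browser, and should be confirmed by hand rather than counted as patched.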
Source:
- https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html