Google Rolls Out Final Chrome 140 Update With Security Fixes

Google has released its final update for Chrome 140, addressing multiple security vulnerabilities ahead of the browser’s upgrade to Chrome 141 in early October.

The patched versions, Chrome 140.0.7339.207/208 for Windows and macOS and 140.0.7339.207 for Linux, resolve three security issues in the V8 JavaScript engine. While Google confirmed none of the vulnerabilities have been exploited in the wild, they were all classified as high risk.

Vulnerabilities Fixed

• CVE-2025-10890: A high-risk side-channel information leak in the V8 JavaScript engine, reported by an external security researcher.

• CVE-2025-10891 & CVE-2025-10892: High-risk integer overflow flaws, both discovered using Google’s Big Sleep AI tool, which is based on Gemini and designed to detect vulnerabilities without human input.

The update has also been released for Chrome on Android (140.0.7339.207), ensuring mobile users are protected from the same risks as desktop users.

Automatic and Manual Updates

As with previous releases, Chrome will update itself automatically once the patch becomes available. Users who want to check or trigger the update manually can do so via Help > About Google Chrome in the browser menu.

Impact on Other Browsers

Because the vulnerabilities affect the Chromium engine, other Chromium-based browsers such as Microsoft Edge, Brave, and Vivaldi will also need to release security updates. These browsers had already adopted Chromium 140 and now sit just behind the patched Chrome build in terms of security readiness.

Google will roll out Chrome 141 in early October, continuing its regular update cycle.

Photo Credit: DepositPhotos.com