Google has officially rolled out Chrome 140, a security-focused update that patches several newly discovered vulnerabilities across desktop and mobile platforms. The update is now available as Chrome version 140.0.7339.80/81 for Windows and macOS and 140.0.7339.80 for Linux. While the company confirmed that none of the patched vulnerabilities are currently being exploited in the wild, the update is still considered important, particularly since one of the flaws has been rated high severity. Updates for Chromium-based browsers such as Microsoft Edge, Brave, and Vivaldi are expected to follow shortly.
In its Chrome Releases blog, Google outlined six vulnerabilities fixed in this release, four of which were discovered and reported by external security researchers. Among them, CVE-2025-9864, a use-after-free vulnerability in the V8 JavaScript engine, is flagged as high risk due to its potential to allow attackers to execute malicious code or trigger crashes. The remaining externally reported vulnerabilities (CVE-2025-9865, CVE-2025-9866, and CVE-2025-9867) are classified as medium severity. Google has not shared details on the two vulnerabilities it found internally, continuing its practice of withholding technical specifics until users have widely installed the patch.
Chrome updates typically install automatically, but users can check for updates manually through Help > About Google Chrome if they want to ensure they’re protected immediately. Mobile users are also covered, with Chrome for Android updated to version 140.0.7339.35 and Chrome for iOS to version 140.0.7339.95. Google has extended these fixes to its Extended Stable Channel as well, releasing version 140.0.7339.81 for Windows and macOS to serve enterprise and long-term users.
Notably, Chrome 140 does not introduce any new user-facing features, focusing solely on security and stability ahead of Chrome 141, which Google says will arrive in early October. Meanwhile, other Chromium-based browsers are in different stages of catching up. Edge, Brave, and Vivaldi are still on last week’s patch level, while Opera is lagging even further behind—its current version 121 remains based on Chromium 137, a build that Google stopped updating in June. This gap highlights ongoing concerns about security fragmentation among Chromium browsers, underscoring the importance of timely updates across the ecosystem.
