Google has rolled out one last security patch for Chrome 140 before it gets replaced by Chrome 141 in early October. The update, now available as Chrome 140.0.7339.207/208 for Windows and macOS and 140.0.7339.207 for Linux, addresses three vulnerabilities found in the browser’s V8 JavaScript engine. Fortunately, Google confirmed that none of the issues have been exploited in active attacks so far.
The most serious flaw, tracked as CVE-2025-10890, is a high-risk side-channel information leak within V8. Two additional vulnerabilities, CVE-2025-10891 and CVE-2025-10892, involve integer overflows in V8. Unlike the first flaw, these were not found by human researchers but flagged by Google’s “Big Sleep” system—an AI-powered analysis tool based on Gemini, which Google uses to uncover hidden security weaknesses.
As always, Chrome is designed to update automatically once fixes are available, but users can also manually trigger the process under Help > About Google Chrome. Mobile users are covered too, with Chrome for Android 140.0.7339.207 receiving the same fixes as its desktop counterpart.
The patch also sets the stage for other Chromium-based browsers. Edge, Brave, and Vivaldi have already adopted Chromium 140 and should release their own updates shortly. Opera, which remains behind on Chromium 138, has backported some critical fixes but still leaves users with potential gaps in protection until the browser fully catches up with the current release stream.
