Google has issued an urgent security update for its Chrome web browser to address three high-severity vulnerabilities that could allow attackers to access sensitive information or cause the system to crash.
The company is advising users to update their browsers immediately to mitigate the potential risks associated with these flaws.
The latest patch brings the Chrome Stable channel to version 140.0.7339.207/.208 for Windows and Mac, and 140.0.7339.207 for Linux. The update will be distributed automatically over the coming days and weeks, but users can manually trigger the update to ensure they are protected without delay.
All three high-severity vulnerabilities reside within the V8 JavaScript and WebAssembly engine, a core component of Chrome that is responsible for executing program code.
The first flaw, tracked as CVE-2025-10890, is a side-channel information leakage vulnerability. This type of weakness could potentially allow a remote attacker who has convinced a user to visit a malicious website to read sensitive data from the browser’s memory, bypassing security measures designed to keep information isolated. External security researcher Mate Marjanović reported this vulnerability.
The other two vulnerabilities, CVE-2025-10891 and CVE-2025-10892, are both described as integer overflows within the V8 engine.
These were discovered internally by Google’s Big Sleep research team. An integer overflow is a common software bug that occurs when the result of an arithmetic operation is too large for the fixed-size integer type that stores it, causing the value to “wrap around” and result in unexpected behavior.
In a browser context, attackers can often exploit such flaws to cause a denial-of-service condition by crashing the renderer process or to execute arbitrary code on the affected system.
Attackers Could Exploit the Vulnerabilities
A successful exploit of these vulnerabilities would typically require an attacker to lure a victim into visiting a specially crafted, malicious webpage.
For CVE-2025-10890, the malicious code on the page could trigger the side-channel flaw, allowing the attacker to infer data from other websites or processes running on the user’s machine.
The two integer overflow flaws, if exploited, could lead to abrupt browser crashes. While Google’s advisory does not confirm it, integer overflows can sometimes be chained with other exploits to gain full control over a compromised system, making them a serious threat.
In line with its standard security policy, Google is currently restricting access to the technical details and proof-of-concept exploits for these bugs.
This measure is intended to prevent widespread attacks by giving the majority of users sufficient time to install the security patch. The restrictions will be lifted once the update has been broadly deployed.
Google strongly recommends that all Chrome users ensure their browser is updated to the latest version to defend against potential exploitation.
To check for and install the update, users can navigate to the Chrome menu, select “Help,” and then click on “About Google Chrome.” The browser will automatically scan for the latest version and prompt the user to relaunch to complete the installation.
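For administrators who need to confirm the fix across many machines rather than one browser at a time, the following added example (not from Google's advisory) compares reported Chrome versions against the patched build 140.0.7339.207 named above. The hostnames and version strings in the sample inventory are constructed, and the inventory format (a host-to-version mapping) is an assumption.

```python
import re

# Fixed Stable build named in the article (Windows/Mac also ship .208).
PATCHED = (140, 0, 7339, 207)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def status(version_text):
    """Classify one reported version: 'patched', 'outdated' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "140.0.7339.99" above "140.0.7339.207".
    return "patched" if v >= PATCHED else "outdated"


def audit(inventory):
    """Return {host: status} for every host not confirmed patched."""
    return {h: s for h, v in inventory.items() if (s := status(v)) != "patched"}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "win-fin-01": "Google Chrome 140.0.7339.208",
    "mac-dev-07": "140.0.7339.207",
    "lin-ops-03": "Google Chrome 140.0.7339.99",
    "win-hr-12": "139.0.7258.155",
    "lin-ci-02": "Google Chrome 141.0.7390.54",
    "kiosk-04": "",
}

if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE).items()):
        print(f"{host}: {state}")
```

Hosts that report no parseable version are listed as unknown rather than silently treated as patched, so they still get followed up.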
Google also extended its gratitude to the security researchers who contributed to identifying and reporting these vulnerabilities, highlighting the collaborative effort required to maintain browser security.
The company noted that many of its security bugs are detected using advanced testing tools like AddressSanitizer, MemorySanitizer, and various fuzzing libraries, which help identify and fix flaws before they can reach the stable channel.