Urgent Security Update for Google Chrome
Google has announced a crucial security update for its Chrome web browser, addressing three high-severity vulnerabilities that could enable malicious actors to gain access to sensitive data or induce system crashes.
The company urges users to promptly update their browsers to mitigate the risks associated with these identified flaws.
This latest patch upgrades the Chrome Stable channel to versions 140.0.7339.207/.208 for both Windows and Mac, while Linux users will receive version 140.0.7339.207. Distribution of the update will occur automatically over the next several days, although users may opt for a manual update to expedite their protection.
All three vulnerabilities reside within the V8 JavaScript and WebAssembly engine, the fundamental Chrome component that executes such code.
The first vulnerability, designated as CVE-2025-10890, pertains to a side-channel information leakage issue. This flaw could enable a remote attacker—who successfully persuades a victim to visit a malicious site—to access sensitive data from the browser’s memory, circumventing established security protocols meant to safeguard information. This vulnerability was reported by external security researcher Mate Marjanović.
The other two vulnerabilities, CVE-2025-10891 and CVE-2025-10892, are classified as integer overflows within the V8 engine. These were uncovered by Google’s Big Sleep research team. An integer overflow occurs when the result of an arithmetic operation exceeds the range its integer type can represent, so the stored value “wraps around” and the program behaves unexpectedly.
In the context of a browser, attackers may exploit such flaws to cause denial-of-service conditions by crashing the renderer process, or to execute arbitrary code on the compromised system.
Potential Exploitation by Malicious Actors
Successful exploitation of these vulnerabilities typically requires an attacker to coax a victim into visiting a meticulously crafted, malicious webpage.
In the case of CVE-2025-10890, the malicious script could exploit the side-channel vulnerability, allowing attackers to extract data from other active websites or processes on the victim’s device.
Conversely, the integer overflow vulnerabilities can lead to abrupt browser crashes. While Google’s advisory offers no definitive confirmation, such overflows can occasionally be combined with other exploits, potentially granting full control over a compromised system, thus constituting a severe security threat.
In alignment with its standard security protocols, Google is currently withholding access to technical specifics and proof-of-concept exploits related to these vulnerabilities. This strategy aims to prevent widespread attacks and affords the majority of users ample opportunity to apply the necessary security patch. Access restrictions will be lifted once the update is widely implemented.
Google strongly advises all Chrome users to ensure their browsers are updated to the latest version to safeguard against potential exploits.

To check for and install the update, users may navigate to the Chrome menu, select “Help,” and subsequently click on “About Google Chrome.” The browser will conduct a scan for the latest version and prompt users to relaunch to finalize the installation.
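For administrators who need to verify many machines rather than a single browser, the following added example (not part of Google's advisory or the original article) compares reported Chrome versions against the patched Stable builds listed above. The host names and inventory rows are constructed sample data, and the function names are illustrative.

```python
# Added example: flag Chrome installs older than the patched Stable builds
# named in this article. The inventory rows below are constructed sample data.

# Minimum patched build per platform, taken from the article.
PATCHED = {
    "windows": (140, 0, 7339, 207),
    "mac": (140, 0, 7339, 207),
    "linux": (140, 0, 7339, 207),
}


def parse_version(text):
    """Turn '140.0.7339.207' into (140, 0, 7339, 207); reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(platform, version_text):
    """True when the version is at or above the patched build for the platform."""
    minimum = PATCHED[platform.lower()]
    # Compare as integer tuples: as strings, '140.0.7339.99' would sort
    # after '140.0.7339.207' and be wrongly reported as patched.
    return parse_version(version_text) >= minimum


def audit(inventory):
    """Return hosts that still need the update (unparseable entries included)."""
    needs_update = []
    for host, platform, version_text in inventory:
        try:
            if not is_patched(platform, version_text):
                needs_update.append(host)
        except (ValueError, KeyError):
            needs_update.append(host)  # unknown state is treated as unpatched
    return needs_update


# Constructed sample inventory: (host, platform, version string Chrome reports)
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "140.0.7339.208"),
    ("ws-02", "windows", "140.0.7339.99"),
    ("mac-01", "mac", "140.0.7339.207"),
    ("lnx-01", "linux", "139.0.7000.10"),
    ("lnx-02", "linux", "unknown"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```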
Google also expresses gratitude to the security researchers who played a role in identifying and reporting these vulnerabilities, underscoring the collaborative nature of maintaining browser security.
The company notes that many of its security issues are detected through advanced testing tools, including AddressSanitizer, MemorySanitizer, and various fuzzing libraries, which facilitate the identification and resolution of flaws prior to reaching the stable channel.
Source link: Cybersecuritynews.com.