Google has officially released Chrome 140 to the stable channel across all major platforms, including Windows, Mac, Linux, Android, and iOS. The update delivers stability, performance improvements, and significant security enhancements. The desktop release is identified as build 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, with an extended-stable channel update at 140.0.7339.81. Mobile users are receiving version 140.0.7339.35 on Android and 140.0.7339.95 on iOS, though the rollout will occur gradually over the coming weeks. Due to the critical nature of the patched flaws, users are strongly urged to manually check for updates via the “About Google Chrome” page.

The most critical fix in Chrome 140 addresses a high-severity vulnerability, CVE-2025-9864, described as a use-after-free flaw in Chrome’s V8 JavaScript and WebAssembly engine. Such vulnerabilities arise when memory is improperly managed, allowing attackers to manipulate deallocated memory. In practice, this could enable malicious webpages to trigger crashes or execute arbitrary code, posing a serious risk of remote compromise. The flaw was reported on July 28, 2025, by Security Team. If left unpatched, it could serve as a powerful entry point for targeted exploitation campaigns.

Alongside CVE-2025-9864, Google patched several medium-severity vulnerabilities affecting different browser components. These include CVE-2025-9865 in the Toolbar, CVE-2025-9866 in Extensions, and CVE-2025-9867 in Downloads. Google rewarded external researchers a combined $10,000 for responsibly disclosing these issues, underscoring the importance of community contributions to Chrome’s security ecosystem. In addition, the release brings functional improvements such as GPU rasterization, faster HTTP/3 support, and CSS Container Queries, strengthening both security and user experience.

Internally, Google continues to rely on advanced security auditing tools and fuzzing frameworks, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, libFuzzer, and AFL, to proactively detect memory-related bugs before they can be exploited. As part of its responsible disclosure policy, Google is withholding detailed technical information about the patched flaws until a majority of users apply the update, reducing the risk of active exploitation. This structured rollout highlights the ongoing balance between transparency and protection, ensuring that Chrome remains resilient against evolving threats while maintaining performance and feature innovation.