Google has officially released Chrome 140 to the stable channel, initiating a comprehensive rollout across multiple platforms, including Windows, Mac, Linux, Android, and iOS. This latest update introduces significant stability and performance improvements, alongside critical security patches addressing six vulnerabilities, one of which is a high-severity flaw that could potentially allow remote code execution.
Key Highlights of Chrome 140:
1. Security Enhancements: The update addresses six security vulnerabilities, including a high-severity use-after-free flaw in the V8 JavaScript engine.
2. Performance Improvements: Users can expect enhanced stability and performance across all supported platforms.
3. New Features: The release includes support for GPU rasterization, faster HTTP/3 protocols, and CSS Container Queries, enhancing web development capabilities.
Security Vulnerabilities Addressed:
The most critical issue resolved in this update is a high-severity vulnerability identified as CVE-2025-9864. This flaw is described as a use-after-free in V8, the open-source JavaScript and WebAssembly engine that powers Chrome. A use-after-free vulnerability occurs when a program continues to use a pointer after the memory it points to has been deallocated. By manipulating this memory state, an attacker could craft a malicious webpage that triggers the bug, potentially leading to a browser crash or, in a worst-case scenario, the execution of arbitrary code on the victim’s system. This vulnerability was reported by Pavel Kuzmin of the Yandex Security Team on July 28, 2025.
In addition to the V8 flaw, Google patched several medium-severity bugs reported by external researchers, including:
– CVE-2025-9865: An inappropriate implementation in the Toolbar.
– CVE-2025-9866: An inappropriate implementation in Extensions.
– CVE-2025-9867: An inappropriate implementation in Downloads.
Google awarded a total of $10,000 in bounties to the external researchers who discovered and reported these vulnerabilities.
Update Rollout Details:
The new desktop version is identified as build 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac. The update is also being pushed to the Extended Stable channel with build 140.0.7339.81. Mobile users will see updates with version 140.0.7339.35 on Android and 140.0.7339.95 on iOS. While Google notes the rollout will occur over the coming days and weeks, manually checking for the update is recommended due to the severity of the patched flaws.
Additional Features and Improvements:
Beyond security fixes, Chrome 140 introduces several new features and improvements:
– GPU Rasterization: This feature offloads the rasterization process from the CPU to the GPU, resulting in smoother graphics rendering and improved performance, especially on graphics-intensive web applications.
– Faster HTTP/3 Support: Chrome 140 enhances support for HTTP/3, the latest version of the Hypertext Transfer Protocol. HTTP/3 uses QUIC, a transport layer network protocol that reduces latency compared to its predecessors, leading to faster and more reliable web page loading.
– CSS Container Queries Support: This addition allows developers to apply styles based on the size of a container rather than the viewport. This feature enables more responsive and modular design patterns, improving the adaptability of web layouts across different devices and screen sizes.
Security Measures and Recommendations:
Google’s internal security teams have implemented various enhancements in this release, utilizing advanced tools such as AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer, along with fuzzing technologies like libFuzzer and AFL. These tools proactively identify and mitigate memory corruption and other security flaws before they reach the stable channel.
As the update for Chrome 140 rolls out globally, Google is restricting access to specific bug details and links. This standard procedure is designed to prevent threat actors from reverse-engineering the exploits before a majority of users have installed the protective patch.
Users are strongly advised to update their browsers immediately to protect against potential exploitation. To ensure you are protected, navigate to Chrome’s “About Google Chrome” settings page, which will trigger the automatic download and installation of the latest version.
Conclusion:
The release of Chrome 140 underscores Google’s commitment to enhancing browser security and performance. By addressing critical vulnerabilities and introducing new features like GPU rasterization, faster HTTP/3 support, and CSS Container Queries, Chrome continues to provide a robust and efficient browsing experience. Users are encouraged to update their browsers promptly to benefit from these improvements and maintain optimal security.
