Google has released one final update for Chrome 140 before it gets replaced by Chrome 141. Google plans to release Chrome 141 at the beginning of October.
The developers have fixed several vulnerabilities in Chrome versions 140.0.7339.207/208 for Windows and macOS and 140.0.7339.207 for Linux. According to Google, none of these vulnerabilities have been exploited for attacks in the wild.
In the Chrome Releases blog post, Srinivas Sista lists the three fixed vulnerabilities, one of which was discovered by an external security researcher and reported to Google.
Security vulnerabilities fixed
Google rates CVE-2025-10890, a side-channel information leak in the V8 JavaScript engine, as high risk. The other two vulnerabilities (CVE-2025-10891 and CVE-2025-10892) are also in the V8 engine; both are high-risk integer overflows and were discovered by Google Big Sleep (an “AI” tool based on Gemini for detecting security vulnerabilities without human assistance).
As a rule, Chrome updates itself automatically when a new version is available. You can trigger the update check manually using the menu item Help > About Google Chrome. Google has also provided Chrome for Android 140.0.7339.207, which fixes the same vulnerabilities as in the desktop versions.
Other Chromium-based browsers
The makers of other Chromium-based browsers now need to follow suit with their own updates. Microsoft Edge, Brave, and Vivaldi have long since made the switch to Chromium 140 and are currently at the security level immediately preceding this Chrome update.
Opera has narrowed the gap again with version 122 of its browser, which is based on Chromium 138, but still has some way to go. Opera’s developers have also backported some important security fixes. However, some flaws of varying severity remain open, and it’s not always clear whether they affect Chromium 138 at all.