Overview
- Chrome versions 140.0.7339.207/.208 for Windows and macOS and 140.0.7339.207 for Linux and Android address three V8 engine vulnerabilities.
- CVE-2025-10890 is an information‑leak via side channel reported by an external researcher, while CVE-2025-10891 and CVE-2025-10892 are integer overflows found by Google's Big Sleep AI tool.
- Google rates the issues as high risk, warning they could enable code execution, crashes, or data exposure on affected systems.
- The company says it has not observed exploitation in the wild and recommends users trigger the update check and install promptly.
- Chromium‑based browsers are expected to follow with updates or backports; Edge, Brave, and Vivaldi are on Chromium 140, while Opera remains on an older base and has backported some fixes.