Overview
- Google confirms in‑the‑wild attacks on a V8 type‑confusion flaw detected by its Threat Analysis Group on September 16.
- Patched builds are 140.0.7339.185/.186 for Windows and macOS, 140.0.7339.185 for Linux, 140.0.7339.155 for Android, and 141.0.7390.26 for iOS.
- The release also fixes use‑after‑free bugs in Dawn (WebGPU) and WebRTC plus a heap overflow in ANGLE, with two issues reported by external researchers.
- Google notes bug‑bounty payouts for the Dawn and WebRTC reports ($15,000 and $10,000) and credits its Big Sleep tool for finding the ANGLE flaw.
- Other Chromium browsers must roll out corresponding fixes, with Edge and Brave on Chromium 140 but not at Chrome’s latest level, and Vivaldi and Opera still catching up or backporting.