Google has issued a final security update for Chrome 140 ahead of the browser’s transition to Chrome 141 in early October. The patch, released as version 140.0.7339.207/208 for Windows and macOS and 140.0.7339.207 for Linux, resolves three vulnerabilities in the V8 JavaScript engine. According to Google, attackers have not exploited these flaws in the wild, but they carried a “high risk” rating.
Among them, CVE-2025-10890 is a side-channel information leak, while CVE-2025-10891 and CVE-2025-10892 are integer overflow issues. Notably, the latter two were uncovered by Google’s own automated detection system, “Big Sleep,” an AI tool built on Gemini that can identify security weaknesses without direct human intervention. This highlights Google’s growing reliance on AI to bolster Chrome’s security posture.
Like most Chrome releases, the update will apply automatically, though users can check for it manually via the Help > About Google Chrome menu. Google has also published Chrome for Android version 140.0.7339.207, ensuring mobile users receive the same protections.
With the patch now live, developers of other Chromium-based browsers must update their products as well. Edge, Brave, and Vivaldi are already aligned with Chromium 140, meaning their users will soon see equivalent security fixes. Opera, however, continues to trail behind on Chromium 138, despite backporting some key patches. That leaves Opera users potentially exposed to unresolved flaws until the browser is updated to a newer Chromium baseline.