Chrome High-severity Flaws Expose Sensitive Data, Trigger System Crashes
Google has released an urgent security update for its Chrome browser, addressing three high-severity vulnerabilities that could allow attackers to leak sensitive information and cause system instability.
The latest Chrome version 140.0.7339.207/.208 for Windows and Mac, and 140.0.7339.207 for Linux, patches critical flaws in the V8 JavaScript engine that powers the browser’s web content processing.
Critical V8 Engine Vulnerabilities Discovered
The security update tackles three distinct vulnerabilities, all classified as high-severity threats.
The most concerning flaw, CVE-2025-10890, involves a side-channel information leakage vulnerability in Chrome’s V8 JavaScript engine.
| CVE Number | Severity | Vulnerability Type |
| CVE-2025-10890 | High | Side-channel information leakage |
| CVE-2025-10891 | High | Integer overflow |
| CVE-2025-10892 | High | Integer overflow |
This type of vulnerability can potentially allow malicious websites to extract sensitive data from users’ browsing sessions by exploiting timing differences in code execution.
Security researcher Mate Marjanović from SharpEdged discovered and reported this critical vulnerability on July 9, 2025.
Side-channel attacks represent a sophisticated threat vector where attackers don’t directly access data but instead analyze indirect information like execution timing, power consumption, or electromagnetic emissions to infer sensitive information.
Two additional high-severity vulnerabilities, CVE-2025-10891 and CVE-2025-10892, involve integer overflow conditions within the V8 engine.
These flaws were identified by Google’s automated security research project, Big Sleep, on September 9 and 10, 2025, respectively.
Integer overflow vulnerabilities occur when arithmetic operations produce results that exceed the maximum value a data type can store, potentially leading to memory corruption, unexpected behavior, or system crashes.
Integer overflow vulnerabilities in browser engines are particularly dangerous because they can be triggered through maliciously crafted JavaScript code on websites.
Successful exploitation could allow attackers to execute arbitrary code, crash the browser, or potentially gain unauthorized access to system resources.
The V8 engine processes JavaScript code from every website users visit, making these vulnerabilities especially critical for user security.
Chrome users should immediately update their browsers to protect against these vulnerabilities.
The update will roll out gradually over the coming days and weeks through Chrome’s automatic update mechanism.
Users can manually check for updates by navigating to Chrome’s settings menu and selecting “About Chrome.”
Google’s security team emphasized that access to detailed bug information remains restricted until most users receive the security patches.
This approach prevents potential attackers from studying vulnerability details before users can protect themselves with the latest updates.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
Post Comment