This latest update addresses six critical security vulnerabilities, including three high-severity issues that could potentially compromise user data and browser stability through sophisticated attack vectors.
The security update tackles several high-priority vulnerabilities that were discovered through external security research and Google’s internal testing initiatives.
The most severe issues include CVE-2025-8879, a heap buffer overflow vulnerability in libaom reported by an anonymous researcher, and CVE-2025-8880, a race condition vulnerability in Google’s V8 JavaScript engine discovered by security researcher Seunghyun Lee.
Additionally, the update addresses CVE-2025-8901, an out-of-bounds write vulnerability in the ANGLE graphics library that was identified by Google’s automated Big Sleep security system.
Two medium-severity vulnerabilities were also resolved: CVE-2025-8881 affecting the File Picker implementation and CVE-2025-8882 involving a use-after-free vulnerability in the Aura window management system.
These vulnerabilities, while less critical, could still potentially be exploited by malicious actors to gain unauthorized access or cause system instability.
Google’s security team employed sophisticated detection methodologies to identify these vulnerabilities, utilizing industry-standard tools including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL (American Fuzzy Lop).
These automated testing frameworks continuously scan Chrome’s codebase for potential security flaws, memory corruption issues, and undefined behavior patterns that could be exploited by attackers.
The update deployment follows Google’s standard staged rollout approach, gradually distributing version 139.0.7258.127/.128 to users over the coming days and weeks.
This phased distribution strategy allows the company to monitor for any compatibility issues or unexpected behavior before reaching the complete user base.
Google maintains its policy of restricting access to detailed vulnerability information until the majority of users have received the security patches, ensuring that malicious actors cannot exploit known vulnerabilities while systems remain unprotected.
The company acknowledges the collaborative efforts of external security researchers who contributed to identifying these vulnerabilities during the development cycle, emphasizing the critical role of the broader security community in maintaining browser safety standards.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
The post Chrome Update Fixes High-Severity Bugs Allowing Arbitrary Code Execution appeared first on Cyber Security News.
Cisco has released a critical security advisory warning of a severe vulnerability in its Secure…
A new and carefully crafted phishing campaign is currently targeting LastPass users, with attackers sending…
New York, USA, March 4th, 2026, CyberNewswire The industry must pivot to Preemptive Defense: As…
An urgent security advisory from Cisco warns that multiple vulnerabilities in Cisco Catalyst SD-WAN Manager…
Researchers have uncovered a critical zero-click vulnerability in FreeScout, a widely used open-source help desk…
Google has released a critical security update for Chrome, pushing the Stable channel to version…
This website uses cookies.