Google security patch release for CVE-2025-9864
Security Patch Release
Summary
Hide ▲
Show ▼
Google released Chrome 140 to the stable channel with patches for six vulnerabilities, including CVE-2025-9864 in the V8 JavaScript engine. The most severe bug is a high-severity use-after-free that can lead to heap corruption and possible RCE through crafted HTML pages. Google said no bug bounty reward will be paid for this defect yet and that details will stay restricted until most users are patched. The release also fixes medium-severity implementation bugs in Toolbar, Extensions, and Downloads, and users are urged to update as soon as possible.
Related Happenings
Google security patch release for CVE-2026-5858
Security Patch Release
First: 10.04.2026 13:44
Last: 10.04.2026 13:44
Sources 1
About this happening:
**Google** released the first stable **Chrome 147** build, closing **60 vulnerabilities** and raising the browser’s baseline security ahead of broader deployment. The patch bundle...
Google security patch release for CVE-2026-5858
Security Patch ReleaseAbout this happening: **Google** released the first stable **Chrome 147** build, closing **60 vulnerabilities** and raising the browser’s baseline security ahead of broader deployment. The patch bundle...
Google security patch release for CVE-2026-5281
Security Patch Release
First: 01.04.2026 13:25
Last: 01.04.2026 13:25
Sources 1
About this happening:
**Google** issued **emergency Chrome updates** to fix **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU** that was **exploited in the wild**, creating crash, corruptio...
Google security patch release for CVE-2026-5281
Security Patch ReleaseAbout this happening: **Google** issued **emergency Chrome updates** to fix **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU** that was **exploited in the wild**, creating crash, corruptio...
Apple Background Security Improvements WebKit patch (CVE-2026-20643)
Security Patch Release
First: 18.03.2026 03:06
Last: 18.03.2026 03:06
Sources 1
About this happening:
Apple's **first Background Security Improvements** release patches **CVE-2026-20643** in **WebKit**, letting **iPhones, iPads, and Macs** get a security fix **without a full OS up...
Apple Background Security Improvements WebKit patch (CVE-2026-20643)
Security Patch ReleaseAbout this happening: Apple's **first Background Security Improvements** release patches **CVE-2026-20643** in **WebKit**, letting **iPhones, iPads, and Macs** get a security fix **without a full OS up...
Chrome emergency zero-day patch (CVE-2026-3909, CVE-2026-3910)
Security Patch Release
First: 13.03.2026 08:56
Last: 13.03.2026 08:56
Sources 1
About this happening:
**Google** pushed an **emergency Chrome update** for **Stable Desktop users** on **Windows, macOS, and Linux** after confirming **CVE-2026-3909** and **CVE-2026-3910** are **explo...
Chrome emergency zero-day patch (CVE-2026-3909, CVE-2026-3910)
Security Patch ReleaseAbout this happening: **Google** pushed an **emergency Chrome update** for **Stable Desktop users** on **Windows, macOS, and Linux** after confirming **CVE-2026-3909** and **CVE-2026-3910** are **explo...
Latest development: 13.03.2026 11:17
Google discovers and reports CVE-2026-3909, an out-of-bounds write vulnerability in the Skia 2D graphics library, and CVE-2026-3910, an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine, on March 10, 2026; both issues are reachable via crafted HTML pages.
Google security patch release for CVE-2026-21385
Security Patch Release
First: 03.03.2026 10:19
Last: 03.03.2026 10:19
Sources 1
About this happening:
Google released **Android** security updates covering **129 vulnerabilities**, including an **actively exploited zero-day** in a **Qualcomm display component**, creating urgent ri...
Google security patch release for CVE-2026-21385
Security Patch ReleaseAbout this happening: Google released **Android** security updates covering **129 vulnerabilities**, including an **actively exploited zero-day** in a **Qualcomm display component**, creating urgent ri...
Timeline
-
03.09.2025 17:29 1 articles · 8mo ago
Google patches CVE-2025-9864 in Chrome 140
Technical Analysis UpdateGoogle released Chrome 140 to the stable channel with patches for six vulnerabilities, including CVE-2025-9864, a high-severity use-after-free in the V8 JavaScript engine reported by the Yandex Security Team. The flaw can let JavaScript access deallocated objects, leading to heap corruption and possible remote code execution through crafted HTML pages.
Show sources
- Google Patches High-Severity Chrome Vulnerability in Latest Update — www.securityweek.com — 03.09.2025 17:29
-
03.09.2025 17:29 2 articles · 8mo ago
Chrome 140 rolls out with update advice for Windows, macOS, and Linux
Mitigation Patch UpdateChrome 140.0.7339.80/81 is rolling out for Windows and macOS, Chrome 140.0.7339.80 is rolling out for Linux, and the extended stable channel has moved to Chrome 140.0.7339.81 for Windows and macOS. Google said no bug bounty reward will be paid for CVE-2025-9864, kept bug details restricted until most users are patched, and issued rewards of $5,000, $4,000, and $1,000 for the other externally reported Chrome defects in Toolbar, Extensions, and Downloads. Google also said there is no indication that any of the vulnerabilities were exploited in the wild and advised users to update their browsers as soon as possible.
Show sources
- Google Patches High-Severity Chrome Vulnerability in Latest Update — www.securityweek.com — 03.09.2025 17:29
- Google Patches High-Severity Chrome Vulnerability in Latest Update — www.securityweek.com — 03.09.2025 17:29