A critical security update has been released for Google Chrome, which addresses six security vulnerabilities that could be exploited to execute arbitrary code on affected systems. An emergency security update has therefore been distributed.
The update to stable version 139.0.7258.127/.128 for Windows and Mac and 139.0.7258.127 for Linux contains patches for several high-severity security flaws that pose significant risks to user data and system integrity.
The security update addresses three high-severity vulnerabilities that could lead to arbitrary code execution. CVE-2025-8879 represents a heap buffer overflow vulnerability in the libaom library, which handles video encoding and decoding operations.
This type of vulnerability allows attackers to write data beyond the allocated memory limits, potentially overwriting critical system information. CVE-2025-8880, however, addresses a race condition in Google’s V8 JavaScript engine, reported by security researcher Seunghyun Lee.
Race conditions occur when multiple processes attempt to access shared resources simultaneously, creating unpredictable behavior that attackers can exploit.
The third high-severity flaw, CVE-2025-8901, concerns an out-of-bounds write vulnerability in ANGLE (Almost Native Graphics Layer Engine), which translates OpenGL ES API calls to hardware-supported APIs.
The team at Chrome Security used several advanced detection methodologies to identify these vulnerabilities, including AddressSanitizer to detect memory corruption bugs, MemorySanitizer for uninitialized memory reads, and UndefinedBehaviorSanitizer to detect undefined behavior in C/C++ code.
The update also incorporates control flow integrity mechanisms and results from the libFuzzer and AFL (American Fuzzy Loop) testing frameworks.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
