Chrome Update Fixes High-Severity Bugs Allowing Arbitrary Code Execution

Google has deployed a comprehensive security update for Chrome’s stable channel, bringing the browser to version 139.0.7258.127/.128 across Windows, Mac, and Linux platforms.

This update addresses six security vulnerabilities, including three high-severity issues that could compromise user data and browser stability.

Critical Vulnerabilities Patched in Latest Release

The security update tackles several high-priority vulnerabilities that were discovered through external security research and Google’s internal testing initiatives.

The most severe issues include CVE-2025-8879, a heap buffer overflow vulnerability in libaom reported by an anonymous researcher, and CVE-2025-8880, a race condition vulnerability in Google’s V8 JavaScript engine discovered by security researcher Seunghyun Lee.

Additionally, the update addresses CVE-2025-8901, an out-of-bounds write vulnerability in the ANGLE graphics library that was identified by Google’s automated Big Sleep security system.

Two medium-severity vulnerabilities were also resolved: CVE-2025-8881 affecting the File Picker implementation and CVE-2025-8882 involving a use-after-free vulnerability in the Aura window management system.

These vulnerabilities, while less severe, could still be exploited by malicious actors to gain unauthorized access or cause system instability.

Advanced Detection Methods and Gradual Rollout Strategy

Google’s security team employed sophisticated detection methodologies to identify these vulnerabilities, utilizing industry-standard tools including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL (American Fuzzy Lop).

These automated testing frameworks continuously scan Chrome’s codebase for potential security flaws, memory corruption issues, and undefined behavior patterns that could be exploited by attackers.

The update deployment follows Google’s standard staged rollout approach, gradually distributing version 139.0.7258.127/.128 to users over the coming days and weeks.

This phased distribution strategy allows the company to monitor for any compatibility issues or unexpected behavior before reaching the complete user base.
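Because the rollout is staged, some machines will stay on older builds for days or weeks. The following is an added example, not part of the original article or of any Google tooling: it checks a software inventory against the fixed build named above, comparing version fields numerically. The hostnames and the inventory itself are constructed, and taking .127 as the minimum fixed build on every platform is an assumption.

```python
import re

# Fixed build named in the article; .127 is the lower of the two (.127/.128).
# Assumption: .127 is treated as the minimum patched build on all platforms.
FIXED_BUILD = (139, 0, 7258, 127)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first MAJOR.MINOR.BUILD.PATCH in text as ints, or None.

    Accepts a bare version or a banner such as "Google Chrome 139.0.7258.127".
    """
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory, fixed=FIXED_BUILD):
    """Split (host, version) pairs into patched, outdated and unknown hosts."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            result["unknown"].append(host)   # needs manual follow-up
        elif version >= fixed:               # tuple compare is numeric per field
            result["patched"].append(host)
        else:
            result["outdated"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "139.0.7258.128"),
    ("ws-002", "Google Chrome 139.0.7258.127"),
    ("ws-003", "139.0.7258.66"),   # as a plain string this sorts after .127
    ("ws-004", "138.0.7204.184"),
    ("ws-005", "140.0.7339.5"),
    ("ws-006", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A plain string comparison would wrongly rank 139.0.7258.66 above 139.0.7258.127, which is why the fields are parsed to integers first.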

Google maintains its policy of restricting access to detailed vulnerability information until the majority of users have received the security patches, ensuring that malicious actors cannot exploit known vulnerabilities while systems remain unprotected.

The company acknowledges the collaborative efforts of external security researchers who contributed to identifying these vulnerabilities during the development cycle, emphasizing the critical role of the broader security community in maintaining browser safety standards.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
