=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN576
_____________________________________________________________________

DATE                : 04/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Google Chrome versions prior to
                     140.0.7339.80/81.

=====================================================================
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html
_____________________________________________________________________

Stable Channel Update for Desktop
Tuesday, September 2, 2025

The Chrome team is delighted to announce the promotion of Chrome 140
to the stable channel for Windows, Mac and Linux. This will roll out
over the coming days/weeks.

Chrome 140.0.7339.80 (Linux) and 140.0.7339.80/81 (Windows and Mac)
contain a number of fixes and improvements -- a list of changes is
available in the log. Watch out for upcoming Chrome and Chromium blog
posts about new features and big efforts delivered in 140.

The Extended Stable channel has been updated to 140.0.7339.81 for
Windows and Mac.


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until
a majority of users are updated with a fix. We will also retain
restrictions if the bug exists in a third party library that other
projects similarly depend on, but haven’t yet fixed.


This update includes 6 security fixes.

Below, we highlight fixes that were contributed by external
researchers.

Please see the Chrome Security Page for more information.


[NA][434513380] High CVE-2025-9864: Use after free in V8. Reported
by Pavel Kuzmin of Yandex Security Team on 2025-07-28

[$5000][437147699] Medium CVE-2025-9865: Inappropriate implementation
in Toolbar. Reported by Khalil Zhani on 2025-08-07

[$4000][379337758] Medium CVE-2025-9866: Inappropriate implementation
in Extensions. Reported by NDevTK on 2024-11-16

[$1000][415496161] Medium CVE-2025-9867: Inappropriate implementation
in Downloads. Reported by Farras Givari on 2025-05-04


We would also like to thank all security researchers that worked with
us during the development cycle to prevent security bugs from ever
reaching the stable channel.

As usual, our ongoing internal security work was responsible for a
wide range of fixes:

    [442611697] Various fixes from internal audits, fuzzing and other
    initiatives


Many of our security bugs are detected using AddressSanitizer,
MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity,
libFuzzer, or AFL.


Interested in switching release channels? Find out how here. If you
find a new issue, please let us know by filing a bug. The community
help forum is also a great place to reach out for help or learn about
common issues.


Srinivas Sista

Google Chrome

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
