M-139, ChromeOS version 16328.55.0 (Browser version 139.0.7258.137), has rolled out to ChromeOS devices on the Stable channel.
If you find new issues, please let us know one of the following ways:
-
Visit our ChromeOS communities
-
General: Chromebook Help Community
-
Beta Specific: ChromeOS Beta Help Community
-
Interested in switching channels? Find out how.
Security Fixes and Rewards
Other 3rd Party Security Fixes Included:
High Fixes CVE-2025-0932 Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver
Medium Fixes CVE-2025-38349Use After Free vulnerability on Linux system as a local user.
Android Security fixes can be found here
Chrome Browser Security Fixes:
[$TBD] [423387026] Medium CVE-2025-8578 Use after free in Cast. Reported by Fayez on 2025-06-09
[$2000.0] [416942878] Low CVE-2025-8581 Inappropriate implementation in Extensions. Reported by Vincent Dragnea on 2025-05-11
[$2000.0] [414760982] Medium CVE-2025-8576 Use after free in Extensions. Reported by asnine on 2025-04-30
[$2000.0] [411544197] Low CVE-2025-8580 Inappropriate implementation in Filesystems. Reported by Huuuuu on 2025-04-18
[$500.0] [373794472] Low CVE-2025-8583 Inappropriate implementation in Permissions. Reported by Shaheen Fazim on 2024-10-16
[$1000.0] [40089450] Low CVE-2025-8582 Insufficient validation of untrusted input in DOM. Reported by Anonymous on 2017-10-31
[$TBD] [435139154] High CVE-2025-8901 Out of bounds write in ANGLE. Reported by Google Big Sleep on 2025-07-30
[$TBD] [433800617] Medium CVE-2025-8881 Inappropriate implementation in File Picker. Reported by Alesandro Ortiz on 2025-07-23
[$70000.0] [433533359] High CVE-2025-8880 Race in V8. Reported by Seunghyun Lee (@0x10n) on 2025-07-23
[$7000.0] [432035817] High CVE-2025-8879 Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15
Andy Wu
Google ChromeOS