Google has rolled out an urgent security patch for its Chrome browser, addressing five vulnerabilities that could allow attackers to execute malicious code remotely.
The update, version 142.0.7444.134/.135 for Windows, 142.0.7444.135 for macOS, and 142.0.7444.134 for Linux, targets critical flaws in core components like WebGPU and the V8 JavaScript engine.
The patch arrives amid heightened scrutiny of browser security, as WebGPU, a modern API for GPU-accelerated web applications, has become a prime target for sophisticated exploits.
Remote code execution vulnerabilities in such components could allow malicious websites to hijack user systems without any interaction beyond visiting a compromised page.
Google emphasized that the fixes were developed in collaboration with external researchers, preventing these issues from reaching a wider audience. The update will roll out gradually over the coming days and weeks to ensure stability across millions of devices worldwide.
Key Vulnerabilities Patched in Chrome 142
Among the five security fixes, three stand out for their high severity, including the out-of-bounds write in WebGPU and inappropriate implementations in V8 and Views.
These flaws, if unpatched, could lead to memory corruption, enabling attackers to run arbitrary code, steal sensitive data, or install malware. The remaining two medium-severity issues affect the Omnibox address bar, potentially exposing users to phishing or injection risks.
For a detailed breakdown, the following table summarizes the CVEs, their severity, affected components, and technical details based on Google’s disclosures:
| CVE ID | Severity | Affected Component | Description and Impact | CVSS v3.1 Score (Estimated) | Reported By | Date Reported |
|---|---|---|---|---|---|---|
| CVE-2025-12725 | High | WebGPU | Out-of-bounds write flaw allowing memory corruption and remote code execution via malicious web content. Affects rendering of GPU-accelerated graphics in web apps. | 8.8 (High) | Anonymous | 2025-09-09 |
| CVE-2025-12726 | High | Views | Inappropriate implementation leading to UI manipulation and potential remote code execution through crafted web pages. Affects the browser’s visual rendering engine. | 8.1 (High) | Alesandro Ortiz | 2025-09-25 |
| CVE-2025-12727 | High | V8 | Inappropriate implementation in the JavaScript engine enabling heap corruption and remote code execution. Exploitable via specially crafted scripts on websites. | 8.8 (High) | 303f06e3 | 2025-10-23 |
| CVE-2025-12728 | Medium | Omnibox | Inappropriate implementation allowing address bar spoofing, which could facilitate phishing attacks. No direct code execution, but aids social engineering. | 6.5 (Medium) | Hafiizh | 2025-10-16 |
| CVE-2025-12729 | Medium | Omnibox | Similar implementation flaw in the address bar, enabling URL manipulation for deceptive user interfaces. | 6.1 (Medium) | Khalil Zhani | 2025-10-23 |
These estimated CVSS scores align with typical ratings for similar browser flaws, emphasizing the urgency of the high-severity issues. Google has restricted full bug details until most users update, a standard practice to limit exploit development.
This update highlights the vulnerabilities inherent in modern web standards like WebGPU, which promise enhanced performance for gaming and AI applications but introduce new attack surfaces.
V8, powering Chrome’s JavaScript execution, remains a frequent target due to its ubiquity across web ecosystems. Security tools such as AddressSanitizer and libFuzzer played a crucial role in detecting these bugs during development, showcasing proactive measures in Chromium’s pipeline.
Users should immediately check for updates via Chrome’s settings menu under “About Chrome” to apply the patch. Enterprises relying on Chrome in corporate environments are advised to enforce auto-updates and monitor for signs of exploitation, such as unusual browser crashes or network anomalies.
As cyber threats evolve, this incident serves as a reminder of the importance of timely patching in safeguarding digital lives.
