Shortly after promoting Chrome 142 to the stable channel, Google pushed out an update to address five vulnerabilities in the browser, including three high-severity flaws.
The first high-risk issue is CVE-2025-12725 (CVSS score of 8.8), described as an out-of-bounds write bug in Chrome’s WebGPU graphics API, which delivers high-performance visuals by allowing websites to interact with the system’s GPU.
Out-of-bounds defects are rooted in inadequate bounds checking, which allows attackers to write data outside of the intended memory space, potentially leading to crashes or arbitrary code execution.
According to SOCRadar, the growing use of browser-based AI and graphics workloads increases the risk of the vulnerability’s exploitation.
The remaining two high-severity bugs resolved with the fresh Chrome update are inappropriate implementations in the Views framework and the V8 JavaScript engine, tracked as CVE-2025-12726 and CVE-2025-12727 (CVSS score of 8.8).
The Views flaw exists because UI object references are handled in an unsafe manner, which could allow attackers to trigger memory corruption via crafted webpages or extensions. Successful exploitation of the defect could also lead to unintended access to interface components.
Vulnerabilities in Chrome’s V8 JavaScript and WebAssembly engine are popular targets for threat actors. Type confusion and memory corruption issues in V8 are often exploited for remote code execution.
The remaining two security defects resolved with this Chrome 142 update are medium-severity inappropriate implementations in Omnibox, tracked as CVE-2025-12728 and CVE-2025-12729.
Google makes no mention of any of these vulnerabilities being exploited in the wild. The latest Chrome iteration is now rolling out as version 142.0.7444.134 for Linux, version 142.0.7444.135 for Mac, and versions 142.0.7444.134/.135 for Windows.
“Browsers have quietly become the single largest attack surface in nearly every organization. Most users keep dozens of tabs open throughout the day, many of which remain active in the background. Each of those pages can include scripts, ads, and dynamic elements that change or redirect without notice, effectively making the browser a live target environment,” Action1 CTO Gene Moody said.
“Because of this, browser vulnerabilities are a continuous risk because exploits often emerge and spread faster than traditional patch cycles can respond, which is why browser updates now release more frequently than almost any other software. In many cases, critical fixes arrive several times a week,” Moody added.
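To check a fleet against the fixed builds listed above, the following added example (not Google's or the article's code) compares an endpoint inventory to the per-platform versions. The inventory rows and host names are constructed, and treating .134 as the Windows floor and .135 as the Mac floor is an assumption drawn from the version list in the article.

```python
# Added example: flag hosts not provably on a fixed Chrome 142 build.
# Fixed builds come from the article; everything else is constructed.
FIXED = {
    "linux": (142, 0, 7444, 134),
    "mac": (142, 0, 7444, 135),
    "windows": (142, 0, 7444, 134),  # assumption: .134 is the floor of .134/.135
}

def parse_version(text):
    """Turn '142.0.7444.134' into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory):
    """Return (host, reason) for every row that is not provably patched."""
    findings = []
    for host, platform, version in inventory:
        fixed = FIXED.get(platform.lower())
        parsed = parse_version(version)
        if fixed is None:
            findings.append((host, "unknown platform"))
        elif parsed is None:
            findings.append((host, "unparseable version"))
        elif parsed < fixed:
            # Tuple comparison is numeric per component, so build 60 sorts
            # below build 134 (a plain string comparison would get this wrong).
            findings.append((host, "below " + ".".join(map(str, fixed))))
    return findings

# Constructed inventory rows: (host, platform, reported Chrome version)
SAMPLE = [
    ("ws-01", "Windows", "142.0.7444.134"),
    ("ws-02", "Windows", "142.0.7444.60"),
    ("mac-01", "mac", "142.0.7444.134"),
    ("lin-01", "linux", "142.0.7444.134"),
    ("lin-02", "linux", "Chrome 142"),
    ("kiosk", "chromeos", "142.0.7444.134"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(f"{host}: {reason}")
```

Rows with an unknown platform or an unparseable version are reported rather than skipped, so gaps in the inventory do not read as patched hosts.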
