Google has released Chrome 142 to the stable channel with patches for 20 vulnerabilities, including seven high-, eight medium-, and five low-severity flaws.
Four of the high-severity bugs addressed in this Chrome release affect the browser's V8 JavaScript and WebAssembly engine. Google paid $100,000 in bug bounty rewards for two of them.
Tracked as CVE-2025-12428, the first is a type confusion issue in V8 that earned Man Yue Mo of GitHub Security Lab $50,000. A similar reward was handed out to Aorui Zhang, who reported CVE-2025-12429, an inappropriate implementation defect in the JavaScript engine.
As usual, the internet giant has not shared technical details on the newly resolved vulnerabilities. However, based on the reward amounts handed out for these two bugs, it is possible that they could be exploited for remote code execution (RCE).
Google says it paid a $10,000 reward for a high-severity object lifecycle issue in Media, and $4,000 for a high-severity inappropriate implementation flaw in Extensions.
However, no rewards were handed out for three high-severity V8 defects that were discovered by Google's Big Sleep AI agent, which was launched by Google DeepMind and Project Zero in November 2024.
Chrome 142 resolved medium-severity vulnerabilities in Storage, Omnibox, Extensions, PageInfo, Ozone, App-Bound Encryption, and V8, and low-severity flaws in Autofill, WebXR, Fullscreen UI, Extensions, and SplitView.
Google says it paid $130,000 in total for the bugs fixed with the release of Chrome 142. While no bounties will be awarded for five issues, the company has yet to disclose the amounts to be handed out for two defects.
The company makes no mention of any of these vulnerabilities being exploited in the wild.
The latest Chrome iteration is now rolling out as version 142.0.7444.59 for Linux, versions 142.0.7444.59/60 for Windows, and version 142.0.7444.60 for macOS.
