Google Chrome V8 Engine High-Severity Vulnerability and Security Advisory
Google released a security advisory addressing a vulnerability in Chrome for Desktop, affecting versions prior to 141.0.7390.122/.123 on Windows and Mac, and 141.0.7390.122 on Linux. The flaw, identified as a high-severity issue in the V8 JavaScript engine (CVE-2025-12036), could allow attackers to exploit affected systems if not promptly patched. Security authorities have urged users and administrators to review the advisory and apply the necessary updates to mitigate potential risks.
The vulnerability in the V8 engine requires immediate attention due to its potential impact on system security. Organizations are advised to ensure all Chrome installations are updated to the latest stable versions to prevent exploitation. No evidence of active exploitation has been reported, but the critical nature of the flaw underscores the importance of timely patching to maintain secure environments.
Timeline
Oct 22, 2025
Advisory urges users to update Chrome for CVE-2025-12036
Security advisories published on October 22, 2025 indicated that Chrome should be updated immediately to address CVE-2025-12036. The Canadian Centre for Cyber Security also published a Google Chrome security advisory the same day.
Oct 22, 2025
Google Chrome flaw CVE-2025-12036 is disclosed
A new high-severity vulnerability in Chrome's V8 engine, tracked as CVE-2025-12036, was publicly reported. The available reporting identifies the issue as requiring prompt remediation but provides no further technical details.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Google Chrome Update Addresses High-Risk WebGPU and V8 Vulnerabilities
Google released a security update for Chrome Stable Channel (version 142.0.7444.134/.135) on Windows, macOS, and Linux, addressing five vulnerabilities, including three high-severity flaws in core browser components such as WebGPU, Views, and the V8 JavaScript engine. The Canadian Centre for Cyber Security and other sources urged users and administrators to review the advisory and apply the necessary updates to mitigate potential exploitation risks. The most critical vulnerabilities fixed include CVE-2025-12725, CVE-2025-12726, and CVE-2025-12727, which could allow attackers to compromise affected systems if left unpatched. Users are strongly advised to update their Chrome browsers to the latest version to ensure protection against these high-risk security issues.
1 months ago
Google Chrome Heap Corruption Vulnerability (CVE-2025-13042) Enables Remote Code Execution
A high-severity vulnerability, tracked as CVE-2025-13042, was identified in the V8 JavaScript engine of Google Chrome, allowing remote attackers to exploit heap corruption through specially crafted HTML pages. This flaw could enable remote code execution on affected systems, posing significant risks to users who visit malicious websites. Google released an emergency fix to address the issue, urging users to update their browsers immediately to mitigate potential exploitation. The vulnerability affects Google Chrome versions prior to 142.0.7444.166, and its severity is underscored by a CVSS score of 8.8. Security advisories highlight that the flaw is remotely exploitable and could be leveraged by attackers to gain control over vulnerable systems. Organizations are advised to prioritize patching and monitor for any signs of exploitation in their environments.
1 months ago
Critical Vulnerabilities Patched in Google Chrome 142 Stable Release
Google released Chrome 142 to the stable channel for Windows, Mac, Linux, Android, and ChromeOS, addressing 20 security vulnerabilities, many of which are rated high severity. The update includes fixes for several critical issues in the V8 JavaScript engine, such as type confusion (CVE-2025-12428), inappropriate implementation (CVE-2025-12429, CVE-2025-12432, CVE-2025-12433, CVE-2025-12036), and race conditions, all of which could potentially allow remote code execution. Additional patches resolve use-after-free, out-of-bounds read, policy bypasses in Extensions, and security UI flaws that could mislead users about website authenticity. The Canadian Centre for Cyber Security issued an advisory urging users and administrators to update Chrome to version 142.0.7444.59/60 or later on Windows, Mac, and Linux platforms to mitigate these vulnerabilities. The advisory highlights the importance of promptly applying security updates to protect against exploitation of these critical flaws, especially those affecting the V8 engine and browser security components.
1 months ago