Google Chrome Update Addresses High-Risk WebGPU and V8 Vulnerabilities
Google released a security update for Chrome Stable Channel (version 142.0.7444.134/.135) on Windows, macOS, and Linux, addressing five vulnerabilities, including three high-severity flaws in core browser components such as WebGPU, Views, and the V8 JavaScript engine. The Canadian Centre for Cyber Security and other sources urged users and administrators to review the advisory and apply the necessary updates to mitigate potential exploitation risks.
The most critical vulnerabilities fixed include CVE-2025-12725, CVE-2025-12726, and CVE-2025-12727, which could allow attackers to compromise affected systems if left unpatched. Users are strongly advised to update their Chrome browsers to the latest version to ensure protection against these high-risk security issues.
Timeline
Nov 7, 2025
Canadian Centre for Cyber Security publishes Chrome advisory AV25-728
The Canadian Centre for Cyber Security published advisory AV25-728 to notify users and organizations about the Google Chrome security update and the associated vulnerabilities. The advisory amplified official guidance to apply the patched browser version.
Nov 6, 2025
Google releases Chrome update fixing high-risk WebGPU and V8 flaws
Google issued a Chrome security update addressing multiple high-risk vulnerabilities, including CVE-2025-12725, CVE-2025-12726, and CVE-2025-12727 affecting components such as WebGPU and V8. The update was reported as the primary remediation event for the disclosed flaws.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Google Chrome 142 Emergency Update Addresses Multiple High-Risk RCE Vulnerabilities
Google released an emergency update for its Chrome browser, version 142, to patch five security vulnerabilities, including three high-severity flaws that could allow remote code execution (RCE) on Windows, macOS, Linux, and Android platforms. The most critical vulnerability, CVE-2025-12725, is an out-of-bounds write in the WebGPU graphics interface, which could enable attackers to execute arbitrary code by corrupting system memory. Two additional high-severity vulnerabilities, CVE-2025-12726 in the Views component and CVE-2025-12727 in the V8 JavaScript engine, were also addressed, both posing significant risk for memory manipulation and potential code execution. Google has limited the release of technical details to prevent exploitation before users apply the update, but internal assessments rate the vulnerabilities with a CVSS 3.1 score of 8.8, indicating a direct and serious risk. The update is being distributed across all major desktop and mobile platforms, and users are strongly advised to update Chrome promptly to mitigate the risk of exploitation. Two medium-severity issues in the Omnibox were also fixed in this release.
1 months ago
Critical Vulnerabilities Patched in Google Chrome 142 Stable Release
Google released Chrome 142 to the stable channel for Windows, Mac, Linux, Android, and ChromeOS, addressing 20 security vulnerabilities, many of which are rated high severity. The update includes fixes for several critical issues in the V8 JavaScript engine, such as type confusion (CVE-2025-12428), inappropriate implementation (CVE-2025-12429, CVE-2025-12432, CVE-2025-12433, CVE-2025-12036), and race conditions, all of which could potentially allow remote code execution. Additional patches resolve use-after-free, out-of-bounds read, policy bypasses in Extensions, and security UI flaws that could mislead users about website authenticity. The Canadian Centre for Cyber Security issued an advisory urging users and administrators to update Chrome to version 142.0.7444.59/60 or later on Windows, Mac, and Linux platforms to mitigate these vulnerabilities. The advisory highlights the importance of promptly applying security updates to protect against exploitation of these critical flaws, especially those affecting the V8 engine and browser security components.
1 months ago
Google Chrome Stable Channel Update Fixes Three High-Severity Vulnerabilities
Google released a **Chrome Stable Channel** security update for desktop, shipping **145.0.7632.116/117** for Windows and macOS and **144.0.7559.116** for Linux, and urged users to apply updates as they roll out. The Canadian Centre for Cyber Security echoed the guidance in advisory **AV26-159**, recommending administrators review Google’s bulletin and deploy the patched versions to address the disclosed vulnerabilities. Reporting on the release described an “emergency” update that fixes **three High-severity CVEs**, including multiple **out-of-bounds memory access** issues with potential exploitation impact (e.g., memory corruption that can contribute to remote code execution or exploit chains). The vulnerabilities highlighted include `CVE-2026-3061` (out-of-bounds read in Chrome’s **Media** component, reported by Luke Francis) and `CVE-2026-3062` (out-of-bounds read/write in **Tint** / WebGPU shader compiler, reported by Cinzinga), with the update recommended for rapid enterprise deployment due to the risk posed by unpatched browsers.
1 months ago