Google Chrome 143 Update Addresses 13 Vulnerabilities Including High-Severity V8 Type Confusion
Google released Chrome version 143 for the Stable Channel, addressing 13 security vulnerabilities, including a high-severity type confusion flaw in the V8 JavaScript engine. The V8 vulnerability was notable enough to earn an $11,000 bug bounty, highlighting its potential impact on user security. The update is available for Windows, Mac, and Linux platforms, and users are strongly encouraged to apply the patch to mitigate exploitation risks.
The Canadian Centre for Cyber Security issued an advisory urging administrators and users to update Chrome to version 143.0.7499.40/41 (Windows/Mac) and 143.0.7499.40 (Linux) or later. The advisory underscores the importance of timely updates to address these vulnerabilities and maintain the security of desktop environments running Google Chrome.
Timeline
Dec 3, 2025
Canadian Centre for Cyber Security issues Chrome 143 security advisory
The Canadian Centre for Cyber Security published advisory AV25-802 to notify users and organizations about the Google Chrome security update and associated vulnerabilities. The advisory directed affected users to apply the latest Chrome update.
Dec 3, 2025
Google releases Chrome 143 Stable with fixes for 13 vulnerabilities
Google released Chrome 143 Stable to address 13 security flaws, including a high-severity V8 type confusion issue. One of the reported bugs earned an $11,000 bounty, indicating external researcher disclosure as part of the release.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Critical Vulnerabilities Patched in Google Chrome 142 Stable Release
Google released Chrome 142 to the stable channel for Windows, Mac, Linux, Android, and ChromeOS, addressing 20 security vulnerabilities, many of which are rated high severity. The update includes fixes for several critical issues in the V8 JavaScript engine, such as type confusion (CVE-2025-12428), inappropriate implementation (CVE-2025-12429, CVE-2025-12432, CVE-2025-12433, CVE-2025-12036), and race conditions, all of which could potentially allow remote code execution. Additional patches resolve use-after-free, out-of-bounds read, policy bypasses in Extensions, and security UI flaws that could mislead users about website authenticity. The Canadian Centre for Cyber Security issued an advisory urging users and administrators to update Chrome to version 142.0.7444.59/60 or later on Windows, Mac, and Linux platforms to mitigate these vulnerabilities. The advisory highlights the importance of promptly applying security updates to protect against exploitation of these critical flaws, especially those affecting the V8 engine and browser security components.
1 months ago
Google Chrome Update Addresses High-Risk WebGPU and V8 Vulnerabilities
Google released a security update for Chrome Stable Channel (version 142.0.7444.134/.135) on Windows, macOS, and Linux, addressing five vulnerabilities, including three high-severity flaws in core browser components such as WebGPU, Views, and the V8 JavaScript engine. The Canadian Centre for Cyber Security and other sources urged users and administrators to review the advisory and apply the necessary updates to mitigate potential exploitation risks. The most critical vulnerabilities fixed include CVE-2025-12725, CVE-2025-12726, and CVE-2025-12727, which could allow attackers to compromise affected systems if left unpatched. Users are strongly advised to update their Chrome browsers to the latest version to ensure protection against these high-risk security issues.
1 months ago
Multiple Type Confusion Vulnerabilities in Google Chrome V8 Engine
Google has released security updates for Chrome to address several high-severity type confusion vulnerabilities in the V8 JavaScript engine, including CVE-2025-13223, CVE-2025-13224, CVE-2025-13226, CVE-2025-13228, CVE-2025-13229, and CVE-2025-13230. These vulnerabilities, present in Chrome versions prior to 142.0.7444.175/.176, allow remote attackers to exploit heap corruption via crafted HTML pages, potentially leading to arbitrary code execution or browser crashes. Notably, CVE-2025-13223 has been confirmed as actively exploited in the wild, prompting Google to issue an emergency update and restrict bug details until a majority of users are protected. Security researchers from Google's Threat Analysis Group and the AI agent Big Sleep were credited with discovering these flaws. Users are strongly advised to update Chrome to the latest stable versions (142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux) to mitigate the risk. Other Chromium-based browsers may also be affected and should be updated accordingly. No specific details about the attackers or targets have been disclosed, but the urgency of the update underscores the critical nature of these vulnerabilities.
1 months ago