Google Releases Emergency Chrome Update to Patch Multiple RCE Vulnerabilities

Google has released Chrome version 142 to address five critical security vulnerabilities, three of which carry high-risk severity ratings.

The update became available on November 5, 2025, across desktop platforms and Android devices, with the patch rolling out gradually through Google Play and traditional update channels over the coming days.

Critical Vulnerabilities Fixed

The emergency update resolves a dangerous combination of flaws that security experts warn could allow attackers to execute malicious code directly on user systems.

The most concerning vulnerability, designated CVE-2025-12725, involves an out-of-bounds write error in WebGPU, Chrome’s graphics processing component.

This type of flaw allows attackers to write data outside intended memory boundaries, potentially overwriting critical system information.

An anonymous security researcher discovered this vulnerability on September 9, and Google has kept technical details restricted until most users receive the fix.

Two additional high-severity vulnerabilities affect Chrome’s core processing engine. CVE-2025-12727 targets V8, the JavaScript engine that powers Chrome’s performance, while CVE-2025-12726 impacts Chrome’s Views component, which handles the browser’s user interface.

Both flaws stem from inappropriate implementations that could lead to memory corruption and unauthorized code execution.

Researcher Alesandro Ortiz reported the Views vulnerability on September 25, and the V8 flaw was identified by security researcher 303f06e3 on October 23.

Beyond the critical fixes, Google patched two medium-severity issues affecting Chrome’s Omnibox—the address bar search feature.

CVE-2025-12728, reported by researcher Hafiizh, and CVE-2025-12729, identified by Khalil Zhani, both involve inappropriate implementation in this component.

CVE ID	Severity	Component	Vulnerability Type	CVSS 3.1	Affected Versions	Researcher
CVE-2025-12725	High	WebGPU	Out of bounds write	8.8	Chrome 142.0.7444.134/135, Android 142.0.7444.138	Anonymous
CVE-2025-12726	High	Views	Inappropriate implementation	8.8	Chrome 142.0.7444.134/135, Android 142.0.7444.138	Alesandro Ortiz
CVE-2025-12727	High	V8	Inappropriate implementation	8.8	Chrome 142.0.7444.134/135, Android 142.0.7444.138	303f06e3
CVE-2025-12728	Medium	Omnibox	Inappropriate implementation	6.5	Chrome 142.0.7444.134/135, Android 142.0.7444.138	Hafiizh
CVE-2025-12729	Medium	Omnibox	Inappropriate implementation	6.5	Chrome 142.0.7444.134/135, Android 142.0.7444.138	Khalil Zhani

While less immediately dangerous than their high-severity counterparts, these vulnerabilities still warrant swift updating.

Users across all platforms should prioritize updating Chrome as soon as possible.

Desktop users running Windows, Mac, and Linux should receive version 142.0.7444.134 or later, while Android users will see version 142.0.7444.138 rolling out gradually.

The release notes explicitly state that Android versions contain the identical security fixes as desktop releases.

Google noted that detailed information about these vulnerabilities will remain restricted until a significant majority of users have installed the patch, preventing attackers from developing targeted exploits.

The company credited multiple security researchers who discovered these flaws before malicious actors could weaponize them.

Users are advised to enable automatic updates in Chrome settings to ensure they receive security patches promptly.

For those experiencing update delays, manually checking for updates through Chrome’s settings menu can accelerate the process.

This emergency patch exemplifies the ongoing cat-and-mouse game between browser developers and security threats in an increasingly hostile digital landscape.

Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today

The post Google Releases Emergency Chrome Update to Patch Multiple RCE Vulnerabilities appeared first on Cyber Security News.