
Chrome Stable channel version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.
Critical Vulnerabilities Patched
The update fixes two significant security flaws reported by external security researchers. Both vulnerabilities carry high-severity ratings and pose serious security risks to active Chrome users worldwide.

| CVE ID | Severity | Vulnerability Type | Component | Reporter | Report Date | Reward |
|---|---|---|---|---|---|---|
| CVE-2025-14765 | High | Use-after-free | WebGPU | Anonymous | September 30, 2025 | $10,000 |
| CVE-2025-14766 | High | Out-of-bounds read/write | V8 | Shaheen Fazim | December 8, 2025 | TBD |

The first vulnerability, CVE-2025-14765, is a use-after-free bug in WebGPU reported by an anonymous researcher on September 30, 2025.
Google awarded a $10,000 bug bounty for this discovery. Use-after-free bugs occur when a program attempts to access memory that has already been freed, potentially allowing attackers to execute arbitrary code with elevated privileges.
The second flaw, CVE-2025-14766, involves out-of-bounds read and write issues in the V8 JavaScript engine.
Security researcher Shaheen Fazim reported this vulnerability on December 8, 2025; the reward amount has not yet been determined.
Out-of-bounds vulnerabilities in V8 could allow attackers to read or write data beyond allocated memory, leading to code execution or sensitive information disclosure.
Chrome users should update their browsers immediately to protect against potential exploitation. The browser typically updates automatically, but users can manually check for updates by navigating to Chrome’s settings menu and selecting “About Chrome.”
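For administrators who need to confirm the update across many machines, the following added example (not part of the original article and not Google's tooling) classifies reported Chrome version strings against the fixed build. It assumes 143.0.7499.146 is the minimum patched build on every platform; the hostnames and inventory values are constructed.

```python
import re

# Fixed build named in the article. Treating the lower of .146/.147 as the
# minimum patched build on every platform is an assumption of this example.
FIXED_BUILD = (143, 0, 7499, 146)

# Exactly four dot-separated numeric fields, not part of a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text, fixed=FIXED_BUILD):
    """Classify one reported version string against the fixed build."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparsable: needs manual follow-up, not a pass
    # Tuples compare numerically field by field; comparing the raw strings
    # would wrongly rank build .99 above build .146.
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Map each host to a status; inventory is {host: reported version string}."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 143.0.7499.147",
    "ws-002": "Google Chrome 143.0.7499.109 ",
    "mac-007": "143.0.7499.146",
    "lin-003": "Google Chrome 142.0.7444.175",
    "ws-010": "Google Chrome 144.0.7500.2 beta",
    "kiosk-1": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {status}")
```

Hosts reported as "unknown" should be checked by hand rather than counted as compliant.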
Google has restricted access to detailed bug information until most users have installed the security patches, in line with standard responsible disclosure practices.
This approach minimizes the attack window by preventing widespread exploitation before patches are widely deployed.
Google continues to use advanced detection tools, including AddressSanitizer, MemorySanitizer, and libFuzzer, to identify security vulnerabilities during development and prevent bugs from reaching stable releases.
These tools significantly enhance the browser’s security posture by catching memory-related vulnerabilities early in development.
This emergency update underscores the importance of keeping browsers up to date and demonstrates Google’s commitment to promptly addressing critical security issues.
The post Chrome Security Update Patches Critical Remote Code Execution Vulnerabilities appeared first on Cyber Security News.
