The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.
The update fixes two significant security flaws reported by external security researchers. Both vulnerabilities carry high-severity ratings and pose serious security risks to active Chrome users worldwide.

| CVE ID | Severity | Vulnerability Type | Component | Reporter | Report Date | Reward |
|---|---|---|---|---|---|---|
| CVE-2025-14765 | High | Use-after-free | WebGPU | Anonymous | September 30, 2025 | $10,000 |
| CVE-2025-14766 | High | Out-of-bounds read/write | V8 | Shaheen Fazim | December 8, 2025 | TBD |

The first vulnerability, CVE-2025-14765, is a use-after-free bug in WebGPU reported by an anonymous researcher on September 30, 2025.
Google awarded a $10,000 bug bounty for this discovery. Use-after-free bugs occur when a program attempts to access memory that has already been freed, potentially allowing attackers to execute arbitrary code with elevated privileges.
The second flaw, CVE-2025-14766, involves out-of-bounds read and write issues in the V8 JavaScript engine.
Security researcher Shaheen Fazim reported this vulnerability on December 8, 2025, and the reward amount is currently pending determination.
Out-of-bounds vulnerabilities in V8 could allow attackers to read or write data beyond allocated memory, leading to code execution or sensitive information disclosure.
Chrome users should update their browsers immediately to protect against potential exploitation. The browser typically updates automatically, but users can manually check for updates by navigating to Chrome’s settings menu and selecting “About Chrome.”
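For administrators who need to confirm the update across many machines rather than one browser at a time, the following added example (not from Google or the original article) audits a host inventory against the fixed build named above. The inventory format, host names, and sample version strings are constructed, and using .146 as the floor on every platform is an assumption, since the article does not say which OS receives .147.

```python
import re

# Fixed stable build named in the article. Assumption: .146 is the floor on
# every platform, because the article does not map .146/.147 to an OS.
FIXED_BUILD = (143, 0, 7499, 146)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as an int tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory_lines):
    """Classify each 'host,version string' line as patched/vulnerable/unknown."""
    findings = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, reported = line.partition(",")
        version = parse_version(reported)
        if version is None:
            status = "unknown"        # no parsable version: needs manual follow-up
        elif version < FIXED_BUILD:   # tuple comparison is numeric, field by field
            status = "vulnerable"
        else:
            status = "patched"
        findings.append((host.strip(), version, status))
    return findings


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = """\
# host,reported version string
ws-001,Google Chrome 143.0.7499.146
ws-002,Google Chrome 143.0.7499.109
mac-014,Google Chrome 143.0.7499.147
lin-007,Google Chrome 142.0.7444.175
kiosk-3,chrome not found
""".splitlines()

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        shown = ".".join(map(str, version)) if version else "n/a"
        print(f"{host:8} {shown:16} {status}")
```

Comparing parsed integer tuples avoids the string-comparison mistake where "143.0.7499.99" would sort above "143.0.7499.146".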
Google has restricted access to detailed bug information until most users have installed the security patches, in line with standard responsible disclosure practices.
This approach minimizes the attack window by preventing widespread exploitation before patches are widely deployed.
Google continues to use advanced detection tools, including AddressSanitizer, MemorySanitizer, and libFuzzer, to identify security vulnerabilities during development and prevent bugs from reaching stable releases.
These tools significantly enhance the browser’s security posture by catching memory-related vulnerabilities early in development.
This emergency update underscores the importance of keeping current browser versions and demonstrates Google’s commitment to promptly addressing critical security issues.
The post Chrome Security Update Patches Critical Remote Code Execution Vulnerabilities appeared first on Cyber Security News.