Critical Vulnerabilities Patched in Google Chrome 142 Stable Release
Google released Chrome 142 to the stable channel for Windows, Mac, Linux, Android, and ChromeOS, addressing 20 security vulnerabilities, many of which are rated high severity. The update includes fixes for several critical issues in the V8 JavaScript engine, such as type confusion (CVE-2025-12428), inappropriate implementation (CVE-2025-12429, CVE-2025-12432, CVE-2025-12433, CVE-2025-12036), and race conditions, all of which could potentially allow remote code execution. Additional patches resolve use-after-free, out-of-bounds read, policy bypasses in Extensions, and security UI flaws that could mislead users about website authenticity.
The Canadian Centre for Cyber Security issued an advisory urging users and administrators to update Chrome to version 142.0.7444.59/60 or later on Windows, Mac, and Linux platforms to mitigate these vulnerabilities. The advisory highlights the importance of promptly applying security updates to protect against exploitation of these critical flaws, especially those affecting the V8 engine and browser security components.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Advisories highlight 20 security fixes in Chrome 142
Government and security outlets published advisories about the Chrome 142 update, noting that it addressed 20 security vulnerabilities and urging users to update.
Google releases Chrome 142 Stable Channel update
Google released Chrome 142 to the Stable Channel for users, beginning rollout of a new browser version that included security fixes.
Sources
3 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Google Chrome 143 Update Addresses 13 Vulnerabilities Including High-Severity V8 Type Confusion
Google released Chrome version 143 for the Stable Channel, addressing 13 security vulnerabilities, including a high-severity type confusion flaw in the V8 JavaScript engine. The V8 vulnerability was notable enough to earn an $11,000 bug bounty, highlighting its potential impact on user security. The update is available for Windows, Mac, and Linux platforms, and users are strongly encouraged to apply the patch to mitigate exploitation risks. The Canadian Centre for Cyber Security issued an advisory urging administrators and users to update Chrome to version 143.0.7499.40/41 (Windows/Mac) and 143.0.7499.40 (Linux) or later. The advisory underscores the importance of timely updates to address these vulnerabilities and maintain the security of desktop environments running Google Chrome.
Mar 21, 2026
Google Chrome Update Addresses High-Risk WebGPU and V8 Vulnerabilities
Google released a security update for Chrome Stable Channel (version 142.0.7444.134/.135) on Windows, macOS, and Linux, addressing five vulnerabilities, including three high-severity flaws in core browser components such as WebGPU, Views, and the V8 JavaScript engine. The Canadian Centre for Cyber Security and other sources urged users and administrators to review the advisory and apply the necessary updates to mitigate potential exploitation risks. The most critical vulnerabilities fixed include CVE-2025-12725, CVE-2025-12726, and CVE-2025-12727, which could allow attackers to compromise affected systems if left unpatched. Users are strongly advised to update their Chrome browsers to the latest version to ensure protection against these high-risk security issues.
Mar 21, 2026
Google Chrome 142 Emergency Update Addresses Multiple High-Risk RCE Vulnerabilities
Google released an emergency update for its Chrome browser, version 142, to patch five security vulnerabilities, including three high-severity flaws that could allow remote code execution (RCE) on Windows, macOS, Linux, and Android platforms. The most critical vulnerability, CVE-2025-12725, is an out-of-bounds write in the WebGPU graphics interface, which could enable attackers to execute arbitrary code by corrupting system memory. Two additional high-severity vulnerabilities, CVE-2025-12726 in the Views component and CVE-2025-12727 in the V8 JavaScript engine, were also addressed, both posing significant risk for memory manipulation and potential code execution. Google has limited the release of technical details to prevent exploitation before users apply the update, but internal assessments rate the vulnerabilities with a CVSS 3.1 score of 8.8, indicating a direct and serious risk. The update is being distributed across all major desktop and mobile platforms, and users are strongly advised to update Chrome promptly to mitigate the risk of exploitation. Two medium-severity issues in the Omnibox were also fixed in this release.
Mar 21, 2026