Google Chrome 142 Emergency Update Addresses Multiple High-Risk RCE Vulnerabilities
Google released an emergency update for its Chrome browser, version 142, to patch five security vulnerabilities, including three high-severity flaws that could allow remote code execution (RCE) on Windows, macOS, Linux, and Android platforms. The most critical vulnerability, CVE-2025-12725, is an out-of-bounds write in the WebGPU graphics interface, which could enable attackers to execute arbitrary code by corrupting system memory. Two additional high-severity vulnerabilities, CVE-2025-12726 in the Views component and CVE-2025-12727 in the V8 JavaScript engine, were also addressed, both posing significant risk for memory manipulation and potential code execution.
Google has limited the release of technical details to prevent exploitation before users apply the update, but internal assessments rate the vulnerabilities with a CVSS 3.1 score of 8.8, indicating a direct and serious risk. The update is being distributed across all major desktop and mobile platforms, and users are strongly advised to update Chrome promptly to mitigate the risk of exploitation. Two medium-severity issues in the Omnibox were also fixed in this release.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Google withholds technical details pending wider patch adoption
When announcing the fixes, Google said it was restricting technical details about the vulnerabilities until a majority of users had updated, to reduce the risk of exploitation. The company also credited the security researchers who reported the flaws and urged users to update immediately.
Google releases Chrome 142 emergency update for five vulnerabilities
On 2025-11-05, Google released an emergency Chrome 142 update to fix five security flaws across Windows, macOS, Linux, and Android. The update addressed three high-severity issues that could enable remote code execution and two medium-severity Omnibox flaws.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities
thecyberexpress.com
Open sourceChrome Emergency Fix: Three High-Severity Flaws in WebGPU and V8 Engine Risk RCE
securityonline.info
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Google Chrome Update Addresses High-Risk WebGPU and V8 Vulnerabilities
Google released a security update for Chrome Stable Channel (version 142.0.7444.134/.135) on Windows, macOS, and Linux, addressing five vulnerabilities, including three high-severity flaws in core browser components such as WebGPU, Views, and the V8 JavaScript engine. The Canadian Centre for Cyber Security and other sources urged users and administrators to review the advisory and apply the necessary updates to mitigate potential exploitation risks. The most critical vulnerabilities fixed include CVE-2025-12725, CVE-2025-12726, and CVE-2025-12727, which could allow attackers to compromise affected systems if left unpatched. Users are strongly advised to update their Chrome browsers to the latest version to ensure protection against these high-risk security issues.
Mar 21, 2026
Google Patches Seven Critical Chrome RCE Flaws in Stable Update
Google released a Chrome Stable channel update to fix **33 vulnerabilities**, including **seven Critical flaws** that could allow **remote code execution** if a user visits a malicious webpage. The update moves Chrome to **`149.0.7827.155/.156`** on Windows and macOS and **`149.0.7827.155`** on Linux, with Google rolling it out gradually. The most serious issues are largely **use-after-free** memory corruption bugs affecting components including **WebShare**, **Digital Credentials**, **File Input**, **Passwords**, and **Web Authentication**. Named issues include **`CVE-2026-12437`** in WebShare, **`CVE-2026-12439`** and **`CVE-2026-12440`** in Digital Credentials, **`CVE-2026-12442`** in Passwords, and **`CVE-2026-12443`** in Web Authentication. Google also patched High-severity flaws in **WebRTC, Extensions, Safe Browsing, GPU, File System Access, Media, Downloads,** and the **Tab Strip**, with risks ranging from data leakage and heap corruption to sandbox escape and exploit chaining. The company said technical details will remain limited until more users update and urged users and enterprises to install the patch and relaunch Chrome promptly.
Jun 22, 2026
Google Chrome Emergency Update Patches Multiple Critical Vulnerabilities
Google released an emergency update for *Chrome for Desktop* to **Stable channel 145.0.7632.159/160 (Windows/macOS)** and **145.0.7632.159 (Linux)**, addressing **10 security vulnerabilities**, including **three Critical** issues. Reported flaws include `CVE-2026-3536` (integer overflow in **ANGLE**), `CVE-2026-3537` (object lifecycle issue in **PowerVR**), and `CVE-2026-3538` (integer overflow in **Skia**); additional **High-severity** bugs span components such as **V8**, **WebAssembly**, **CSS**, **DevTools**, and media-related subsystems. Google limited detailed disclosure until patch adoption increases and urged users to update promptly; reported bug bounty awards for individual findings reached **up to $33,000**. The Canadian Centre for Cyber Security echoed Google’s advisory, recommending organizations apply the Chrome updates when available to remediate the affected versions. Separate Canadian Centre advisories also covered unrelated patch guidance for **Drupal contributed modules** (including a **critical access bypass** in *AJAX Dashboard* and moderate issues such as XSS in other modules) and a **Tenable Nessus Manager** vulnerability fixed in versions **10.10.3** and **10.11.3**; these items are distinct from the Chrome emergency update and should be tracked independently in vulnerability management workflows.
Mar 21, 2026