Google Chrome 143 Update: Critical Security Fixes and Enhanced Features
Google has officially released Chrome 143, marking a significant update to its widely-used web browser. This latest version, 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac, introduces crucial security patches and notable feature enhancements.
Addressing Critical Security Vulnerabilities
A primary focus of Chrome 143 is the resolution of 13 security vulnerabilities, several of which are classified as high-severity. These vulnerabilities, if exploited, could allow attackers to execute arbitrary code or compromise the browser’s rendering engine.
The most critical among these is CVE-2025-13630, a type confusion vulnerability in the V8 JavaScript engine. Discovered by security researcher Shreyas Penkar, this flaw earned a bounty of $11,000. Type confusion vulnerabilities occur when a program allocates a resource using one type but accesses it using a different, incompatible type. In the context of a browser, exploiting such a bug can enable remote attackers to execute arbitrary code within the renderer sandbox by enticing users to visit specially crafted websites.
Another significant issue addressed is CVE-2025-13631, an inappropriate implementation flaw in the Google Updater service. Reported by researcher Jota Domingos, this vulnerability carried a $3,000 reward. While specific exploitation details remain restricted to prevent abuse, vulnerabilities in update mechanisms can sometimes be leveraged to establish persistence or elevate privileges on a host system.
Additional high-severity issues resolved include CVE-2025-13632, an inappropriate implementation flaw in DevTools reported by Leandro Teles, and CVE-2025-13633, a Use After Free (UAF) memory corruption bug in Digital Credentials discovered internally by Google. UAF bugs are common memory-safety errors in Chrome, occurring when the browser attempts to use freed memory, leading to crashes or potential code execution.
Google has restricted access to full bug details until a majority of users have updated to the patched version. This standard procedure minimizes the risk of threat actors reverse-engineering the patch to develop exploits for unpatched browsers.
Enhancements in Unicode Support and Locale Data
Beyond security fixes, Chrome 143 brings significant improvements in Unicode support and locale data. The International Components for Unicode (ICU) library has been upgraded from version 74.2 to 77.1, adding support for Unicode version 16.0.0. This update includes changes that may impact web content relying on specific formats.
For instance, in the Italian locale, the default number formatting now omits the thousands separator for four-digit numbers. Previously, the number 1234 would be formatted as 1.234; with the update, it appears as 1234. Developers can achieve the old behavior by using the `useGrouping` parameter in the `Intl.NumberFormat` constructor.
In certain English locales, such as en-AU, en-GB, and en-IN, a comma has been added after full-length weekdays. For example, Saturday 30 April 2011 now appears as Saturday, 30 April 2011. Web applications should avoid relying on precise date formatting, as these formats may change in future updates.
Developer-Focused Improvements
Chrome 143 introduces several enhancements aimed at developers:
– Relaxed Validation in JavaScript DOM APIs: The HTML parser allows a wide variety of valid characters and names for elements and attributes. However, JavaScript DOM APIs have been more restrictive. This update relaxes the validation of JavaScript DOM APIs to match the HTML parser, allowing for more consistent behavior.
– WebGPU Texture Component Swizzle: This feature allows `GPUTextureViews` to rearrange or replace the color components from a texture’s red, green, blue, and alpha channels when accessed by a shader. This provides developers with more flexibility in graphics rendering.
– EditContext API Corrections: The `TextFormat` object supplied by the `textformatupdate` event now provides correct values for the `underlineStyle` and `underlineThickness` properties, aligning with the specification.
– DataTransfer Property for Input Events: The `dataTransfer` property is now populated on input events with an `inputType` of `insertFromPaste`, `insertFromDrop`, and `insertReplacementText`. This provides access to clipboard and drag-and-drop data during editing operations in contenteditable elements.
– FedCM Support for Structured JSON Responses: Identity Providers (IdPs) can now return structured JSON objects instead of plain strings to Relying Parties (RPs) using the `id_assertion_endpoint`. This simplifies integration for developers by eliminating the need to manually serialize and parse JSON strings.
AI Integration and Gemini Features
Chrome 143 also marks the integration of AI features, notably through the Gemini app:
– AI Mode Integration: Users can now access AI Mode directly from the New Tab page and the address bar. This feature enhances user interaction by providing AI-driven suggestions and actions.
– Gemini Act on Web: The Gemini app can now take actions on web pages on behalf of the user, streamlining tasks and improving productivity.
These features are rolling out to Google Workspace users with access to the Gemini app in the US. Admins can manage these features using the `GeminiSettings` policy or the `GenAiDefaultSettings`.
Deprecation of XSLT Support
In line with security considerations, Chrome 143 begins the deprecation of XSLT (Extensible Stylesheet Language Transformations) support. XSLT has been the source of several high-profile security exploits, prompting its planned removal from the web platform. Developers relying on XSLT should consider alternative solutions to ensure compatibility with future browser versions.
Update Recommendations
Users on Windows, Mac, and Linux should expect the update to install automatically over the coming days. To manually check for updates, navigate to the Chrome menu, select Help, and click About Google Chrome to initiate the download of version 143.
By addressing critical security vulnerabilities and introducing significant feature enhancements, Chrome 143 underscores Google’s commitment to providing a secure and efficient browsing experience.
