Google Releases Chrome 142 to Patch 20 Critical Security Vulnerabilities in V8 and Extensions

Google has officially released Chrome version 142, introducing essential security updates for users across Windows, Mac, and Linux platforms. This update addresses 20 security vulnerabilities, many of which could potentially allow attackers to execute malicious code remotely, thereby compromising user data and system integrity.

Key Vulnerabilities Addressed:

The Chrome 142 update focuses on mitigating several high-severity vulnerabilities, particularly within the V8 JavaScript engine. These include type confusion errors, race conditions, and inappropriate implementations that could lead to arbitrary code execution. Additionally, the update resolves issues in media handling and extensions, closing gaps that might have allowed unauthorized access or policy bypasses.

Notable Vulnerabilities:

– CVE-2025-12428: A type confusion vulnerability in V8, reported by Man Yue Mo from GitHub Security Lab, with a bounty of $50,000.

– CVE-2025-12429: An inappropriate implementation in V8, reported by Aorui Zhang, also awarded a $50,000 bounty.

– CVE-2025-12430: An object lifecycle issue in Media, reported by round.about, with a bounty of $10,000.

– CVE-2025-12431: An inappropriate implementation in Extensions, reported by Alesandro Ortiz, earning a $4,000 bounty.

– CVE-2025-12432: A race condition in V8, identified by Google’s internal team, known as Big Sleep.

– CVE-2025-12433: Another inappropriate implementation in V8, also reported by Google’s Big Sleep team.

– CVE-2025-12036: An additional inappropriate implementation in V8, discovered by Google’s Big Sleep team.

– CVE-2025-12434: A race condition in Storage, reported by Lijo A.T, with a bounty of $3,000.

– CVE-2025-12435: Incorrect security UI in Omnibox, reported by Hafiizh, earning a $3,000 bounty.

– CVE-2025-12436: A policy bypass in Extensions, reported by Luan Herrera (@lbherrera_), with a bounty of $2,000.

These vulnerabilities were identified through a combination of external reports and Google’s internal security audits, including the use of testing tools such as AddressSanitizer (a memory-error detector) and libFuzzer (a fuzzing engine).

Update Details:

The new versions are as follows:

– Linux: 142.0.7444.59

– Windows: 142.0.7444.59/60

– Mac: 142.0.7444.60

These updates include various fixes and performance improvements. Detailed change logs are available through Chromium’s source repository, highlighting enhancements in rendering, stability, and user interface.

Recommendations for Users:

To ensure protection against these vulnerabilities, users are strongly advised to update their Chrome browsers promptly. While Chrome typically updates automatically, users can manually check for updates by navigating to `chrome://settings/help`. Enabling automatic updates is also recommended so that fixes are applied quickly, as unpatched browsers remain prime targets for cybercriminals.
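For administrators checking more than one machine, the following added example (not part of the original article or any Google tooling) classifies collected Chrome version strings against the fixed builds listed above. It assumes the inventory supplies strings containing a four-part version, and it treats 142.0.7444.59 as the minimum for Windows because the article lists 59/60 there; hostnames and the outdated versions in the sample are constructed.

```python
import re

# Fixed builds per platform, as listed in the article. Windows shipped as
# 142.0.7444.59/60, so the lower build is assumed to be the minimum there.
PATCHED = {
    "linux": (142, 0, 7444, 59),
    "windows": (142, 0, 7444, 59),
    "mac": (142, 0, 7444, 60),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one host record."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # unlisted platform or unparsable string: review by hand
    # Tuples compare numerically field by field; plain string comparison
    # would wrongly rank "142.0.7444.100" below "142.0.7444.59".
    return "patched" if version >= minimum else "outdated"


def audit(inventory):
    """Map each host to its status; rows are (host, platform, version_text)."""
    return {host: classify(platform, text) for host, platform, text in inventory}


# Constructed sample inventory (hostnames and older versions are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 142.0.7444.60"),
    ("ws-02", "windows", "Google Chrome 141.0.0.0"),
    ("mb-01", "mac", "Google Chrome 142.0.7444.59"),
    ("lx-01", "linux", "Google Chrome 142.0.7444.100"),
    ("lx-02", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need manual review rather than being assumed safe.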

Conclusion:

The release of Chrome 142 underscores Google’s commitment to maintaining a secure browsing environment by addressing critical vulnerabilities swiftly. Users are encouraged to stay vigilant and keep their browsers updated to safeguard against potential threats.