Google Releases Critical Security Update for Chrome’s V8 JavaScript Engine
Google has rolled out Chrome version 142.0.7444.162/.163 to address a high-severity security vulnerability in the V8 JavaScript engine. This update is being deployed across Windows, Mac, and Linux platforms and will reach users over the coming days and weeks.
The vulnerability, identified as CVE-2025-13042, involves an inappropriate implementation within V8, Chrome’s core JavaScript engine. Discovered by security researcher 303f06e3 on November 3, 2025, this flaw could potentially allow attackers to exploit the V8 engine through specially crafted JavaScript code.
Details of the Vulnerability:
– CVE ID: CVE-2025-13042
– Severity: High
– Component: V8 Engine
– Issue Type: Inappropriate Implementation
– Affected Versions: Chrome versions prior to 142.0.7444.162
Google has acknowledged the contributions of external security researchers who responsibly report vulnerabilities, emphasizing the importance of collaborative efforts in maintaining browser security. The company employs various detection tools, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL, to identify and address security issues before they affect users.
While the update is automatic for most users, it’s advisable to verify that your browser is up to date. You can check your current version by navigating to Chrome settings under About Chrome, which will automatically check for and install any available updates.
To prevent exploitation of known issues during the rollout process, Google restricts detailed information about security vulnerabilities until the majority of users have received the patches.
