

Chrome 142 Update Patches High-Severity Flaws

An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution. The post Chrome 142 Update Patches High-Severity Flaws appeared first on SecurityWeek.


Shortly after promoting Chrome 142 to the stable channel, Google pushed out an update to address five vulnerabilities in the browser, including three high-severity flaws.

The first high-risk issue is CVE-2025-12725 (CVSS score of 8.8), described as an out-of-bounds write bug in Chrome’s WebGPU graphics API, which delivers high-performance visuals by allowing websites to interact with the system’s GPU.

Out-of-bounds write defects are rooted in insufficient bounds checking, which allows attackers to write data outside of the intended memory space, potentially leading to crashes or arbitrary code execution.

According to SOCRadar, the growing use of browser-based AI and graphics workloads increases the risk of the vulnerability’s exploitation.

The remaining two high-severity bugs resolved with the fresh Chrome update are inappropriate implementations in the Views framework and the V8 JavaScript engine, tracked as CVE-2025-12726 and CVE-2025-12727 (CVSS score of 8.8).

The Views flaw exists because UI object references are handled in an unsafe manner, which could allow attackers to trigger memory corruption via crafted webpages or extensions. Successful exploitation of the defect could also lead to unintended access to interface components.

Vulnerabilities in Chrome’s V8 JavaScript and WebAssembly engine are popular targets for threat actors. Type confusion and memory corruption issues in V8 are often exploited for remote code execution.

The remaining two security defects resolved with this Chrome 142 update are medium-severity inappropriate implementations in Omnibox, tracked as CVE-2025-12728 and CVE-2025-12729.

Google makes no mention of any of these vulnerabilities being exploited in the wild. The latest Chrome iteration is now rolling out as version 142.0.7444.134 for Linux, version 142.0.7444.135 for Mac, and versions 142.0.7444.134/.135 for Windows.
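For administrators who want to verify the rollout, the following is an added example (not from Google or the original article) that checks an inventory of installed Chrome versions against the fixed builds listed above. The host names and inventory rows are constructed, and treating .134 as the minimum build for Windows is an assumption of this example.

```python
import re

# Fixed builds from the article; for Windows the lower of .134/.135 is used
# as the minimum (assumption of this example).
FIXED = {
    "linux": (142, 0, 7444, 134),
    "mac": (142, 0, 7444, 135),
    "windows": (142, 0, 7444, 134),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuples compare numerically field by field, so build 59 < 134
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Map each host to its status; rows are (host, platform, version)."""
    return {host: status(platform, ver) for host, platform, ver in inventory}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 142.0.7444.135"),
    ("ws-02", "windows", "Google Chrome 142.0.7444.59"),
    ("mac-01", "mac", "Google Chrome 142.0.7444.134"),
    ("lnx-01", "linux", "Google Chrome 142.0.7444.134"),
    ("lnx-02", "linux", "Google Chrome 141.0.7390.122"),
    ("kiosk-1", "linux", "version string missing"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as "unknown" have an unrecognized platform or an unparseable version string and should be checked manually.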

“Browsers have quietly become the single largest attack surface in nearly every organization. Most users keep dozens of tabs open throughout the day, many of which remain active in the background. Each of those pages can include scripts, ads, and dynamic elements that change or redirect without notice, effectively making the browser a live target environment,” Action1 CTO Gene Moody said.

“Because of this, browser vulnerabilities are a continuous risk because exploits often emerge and spread faster than traditional patch cycles can respond, which is why browser updates now release more frequently than almost any other software. In many cases, critical fixes arrive multiple times a week,” Moody added.
