CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine. The post Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities appeared first on SecurityWeek.

Chrome security

Google has released Chrome 142 to the stable channel with patches for 20 vulnerabilities, including seven high-, eight medium-, and five low-severity flaws.

Four of the high-severity bugs addressed in this Chrome release affect the browser’s V8 JavaScript and WebAssembly engine. Google paid $100,000 in bug bounty rewards for two of them.

Tracked as CVE-2025-12428, the first is a type confusion issue in V8 that earned Man Yue Mo of GitHub Security Lab $50,000. A similar reward was handed out to Aorui Zhang, who reported CVE-2025-12429, an inappropriate implementation defect in the JavaScript engine.

As usual, the internet giant has not shared technical details on the newly resolved vulnerabilities. However, based on the reward amounts handed out for these two bugs, it is possible that they could be exploited for remote code execution (RCE).

Google says it paid a $10,000 reward for a high-severity object lifecycle issue in Media, and $4,000 for a high-severity inappropriate implementation flaw in Extensions.

However, no rewards were handed out for three high-severity V8 defects that were discovered by Google’s Big Sleep AI agent, which was launched by Google DeepMind and Project Zero in November 2024.

Chrome 142 resolved medium-severity vulnerabilities in Storage, Omnibox, Extensions, PageInfo, Ozone, App-Bound Encryption, and V8, and low-severity flaws in Autofill, WebXR, Fullscreen UI, Extensions, and SplitView.

Google says it paid $130,000 in total for the bugs fixed with the release of Chrome 142. While no bounties will be awarded for five issues, the company has yet to disclose the amounts to be handed out for two defects.

The company makes no mention of any of these vulnerabilities being exploited in the wild.

The latest Chrome iteration is now rolling out as version 142.0.7444.59 for Linux, versions 142.0.7444.59/60 for Windows, and version 142.0.7444.60 for macOS.

Related: Chrome to Turn HTTPS on by Default for Public Sites

Related: Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

Related: Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities

Related: Chrome 140 Update Patches Sixth Zero-Day of 2025

Latest News

CYBERNEWSMEDIAPublisher