Critical Chrome Vulnerabilities Patched: WebGPU and V8 Flaws Fixed in Latest Release

Google has urgently released a security update for Chrome, addressing multiple vulnerabilities that could allow attackers to execute code remotely on affected systems. The update, versions 142.0.7444.134 and 142.0.7444.135, is rolling out across Windows, Mac, and Linux, while Android users will receive version 142.0.7444.138. Given the severity of these flaws, immediate action is strongly advised to ensure your systems remain protected. Let’s delve into the specifics of these vulnerabilities and the necessary steps for mitigation.


Critical Vulnerabilities Addressed

The emergency update tackles five distinct security flaws, with three classified as high severity due to their potential for memory corruption and remote code execution (RCE). The most critical of these is CVE-2025-12725, an out-of-bounds write error found in WebGPU, Chrome’s graphics processing interface. This flaw could enable malicious code to overwrite critical system memory and execute arbitrary commands.

Additionally, the update addresses CVE-2025-12726, an inappropriate implementation in Chrome’s Views component responsible for handling the browser’s user interface, and CVE-2025-12727, which affects Chrome’s V8 JavaScript engine, the core of Chrome’s performance and execution environment. Both of these could allow attackers to manipulate memory and execute malicious code remotely.


Vulnerability Details

  • CVE-2025-12725: Out-of-Bounds Write in WebGPU
    This high-severity vulnerability, with a CVSS score of 8.8, is an out-of-bounds write error in Chrome’s WebGPU implementation. It allows attackers to write data beyond intended memory boundaries, potentially enabling remote code execution.
  • CVE-2025-12726: Inappropriate Implementation in Views
    Also carrying a CVSS score of 8.8, this high-severity vulnerability involves an improper implementation in Chrome’s Views component, which handles the browser’s user interface. Successful exploitation could lead to memory corruption and unauthorized code execution.
  • CVE-2025-12727: Inappropriate Implementation in V8 JavaScript Engine
    This high-severity vulnerability, also with a CVSS score of 8.8, affects Chrome’s V8 JavaScript engine. Exploitation could allow attackers to manipulate memory and potentially execute malicious code remotely.
  • CVE-2025-12728 and CVE-2025-12729: Inappropriate Implementation in Omnibox
    These medium-severity vulnerabilities (CVSS 6.5) affect Chrome’s Omnibox, the combined search and address bar. They stem from inappropriate implementations that could lead to data exposure or UI manipulation.

Affected Platforms and Versions

  • Desktop (Windows, macOS, Linux): Version 142.0.7444.134/.135
  • Android: Version 142.0.7444.138

Google has emphasized that the Android release contains the same security fixes as its desktop counterparts.


Mitigation & Recommendations

It is highly recommended that all users update Chrome immediately. Here’s how:

  • Desktop Users: Go to Settings -> About Chrome to check for version 142.0.7444.134 or later.
  • Android Users: Verify updates via the Google Play Store.
  • Enable Automatic Updates: Ensure that automatic updates are enabled in Chrome settings to receive future patches as soon as they are released.

While the Omnibox vulnerabilities (CVE-2025-12728 and CVE-2025-12729) are less critical, prompt updates are crucial to prevent potential misuse through manipulated browser interfaces.
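
A fleet-side version of the version check above, as an added example that is not part of the original article: it compares reported Chrome versions against the fixed builds the advisory lists (142.0.7444.134 or later on desktop, 142.0.7444.138 on Android). The inventory rows, hostnames and function names are constructed for illustration.

```python
import re

# Minimum fixed builds as stated in the advisory above.
FIXED = {
    "windows": (142, 0, 7444, 134),
    "macos": (142, 0, 7444, 134),
    "linux": (142, 0, 7444, 134),
    "android": (142, 0, 7444, 138),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 142.0.7444.59'. Returns a tuple of ints or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def assess(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuples compare numerically per component, so 142.0.7444.59 sorts below
    # 142.0.7444.134; a plain string comparison would get that wrong.
    return "patched" if found >= fixed else "vulnerable"

def triage(rows):
    """Map each (host, platform, version_text) row to its status."""
    return {host: assess(platform, ver) for host, platform, ver in rows}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "Windows", "Google Chrome 142.0.7444.135"),
    ("ws-002", "Windows", "142.0.7444.59"),
    ("mac-010", "macOS", "Google Chrome 141.0.7390.123"),
    ("lin-020", "Linux", "Google Chrome 142.0.7444.134"),
    ("mob-030", "Android", "142.0.7444.135"),  # below the Android fixed build
    ("kiosk-7", "ChromeOS", "142.0.7444.147"),  # platform not listed in the advisory
    ("ws-003", "Windows", "not installed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```

Rows reported as "unknown" are deliberately not treated as patched, so hosts with missing or malformed inventory data still surface for follow-up.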


Tactics, Techniques, and Procedures (TTPs)

Attackers can exploit these vulnerabilities using various techniques, as outlined by the MITRE ATT&CK framework:


Instantly Fix Risks with Saner Patch Management

Saner patch management is continuous, automated, and integrated software that instantly fixes risks exploited in the wild. It supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
