Google Issues Urgent Chrome Update to Address Multiple RCE Vulnerabilities

Google has made headlines again with the rollout of Chrome version 142, which addresses five critical security vulnerabilities, three of which are rated high-risk. This emergency update comes as part of the tech giant’s ongoing commitment to user safety in the digital realm.

On November 5, 2025, users across desktop and Android platforms began receiving the update, which will be implemented gradually through Google Play and other traditional update channels. This staggered rollout ensures that as many users as possible are protected against potential exploits.

Critical Vulnerabilities Fixed

At the heart of the recent update are vulnerabilities that security experts deem severe enough to pose significant risks to users. Among these, the most alarming is CVE-2025-12725, linked to an out-of-bounds write error within WebGPU, Chrome’s graphics processing component. This particular flaw allows attackers the potential to write data outside of intended memory limits, effectively bypassing security protocols and potentially overwriting critical system information.

This vulnerability was first discovered by an anonymous researcher on September 9, prompting immediate action by Google to ensure users are safeguarded. To minimize the risk of exploitation, Google has chosen to keep technical details under wraps until the majority of users have successfully updated their browsers.

Two additional high-severity vulnerabilities further complicate Chrome’s core functionality. CVE-2025-12727 threatens the V8 JavaScript engine, which is foundational for Chrome’s performance, while CVE-2025-12726 affects the Views component responsible for the browser’s user interface. Both vulnerabilities arise from improper implementations that could lead to memory corruption, facilitating unauthorized code execution.

Notably, the Views vulnerability was reported by Alesandro Ortiz on September 25, while the V8 flaw was identified by security researcher 303f06e3 on October 23. These timely discoveries have added layers of protection for users long before they became targets for malicious actors.

In addition to these critical threats, Google has also addressed two medium-severity vulnerabilities affecting the Omnibox, the address bar’s search feature. CVE-2025-12728, flagged by researcher Hafiizh, and CVE-2025-12729, reported by Khalil Zhani, both pertain to inappropriate implementations that could compromise user experience and security.

While these medium-severity vulnerabilities may not pose the same immediate threat as their high-severity counterparts, they still represent potential avenues of attack and should be treated with equal urgency. It is essential for users to prioritize updating their Chrome browsers as soon as the update rolls out.

Users on desktop platforms, including Windows, Mac, and Linux, should ensure they have version 142.0.7444.134 or later. Meanwhile, Android users will start seeing version 142.0.7444.138 phased in over the next few days. Importantly, Android versions contain the same crucial security fixes as the desktop releases.

Google has emphasized that detailed technical information regarding these vulnerabilities will remain confidential to prevent malicious entities from developing targeted exploits until a significant portion of the user base has updated their software. This proactive measure reflects the company’s awareness of the cybersecurity landscape and its commitment to user safety.

The company has also credited the various security researchers who reported these vulnerabilities, essentially acting as a line of defense against potential exploitation by malicious actors. Users are strongly encouraged to enable automatic updates within Chrome settings to guarantee they receive these important security patches promptly.

For those encountering delays with updates, manually checking for new versions through Chrome’s settings can expedite the process. This emergency patch exemplifies the ongoing battle between browser developers and security threats in an increasingly hostile digital environment.

Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today