Chrome 143 Stable Fixes 13 Flaws: High-Severity V8 Type Confusion Earns $11,000 Bounty
Ddos 
Google has officially promoted Chrome 143 to the stable channel for Windows, macOS, and Linux, rolling out a critical security update that addresses 13 vulnerabilities. The release, versioned as 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac, is headlined by a high-severity patch for the V8 JavaScript engine that earned a researcher an $11,000 bounty.
The most significant vulnerability in this batch is CVE-2025-13630, a “Type Confusion” flaw within Chrome’s V8 JavaScript engine. Reported by security researcher Shreyas Penkar (@streypaws), this vulnerability allows attackers to trick the browser into misinterpreting data types, potentially leading to memory corruption and arbitrary code execution.
Type confusion bugs in V8 are a frequent target for exploit writers because they can often be leveraged to break out of the browser’s sandbox. Recognizing the severity, Google awarded Penkar an $11,000 bug bounty for the discovery.
Beyond the V8 engine, the update addresses several other high-risk components:
- Google Updater Vulnerability (CVE-2025-13631): Researcher Jota Domingos identified an “Inappropriate implementation” in the Google Updater service. This flaw, which earned a $3,000 reward, could potentially allow local attackers to manipulate the update process or escalate privileges on a victim’s machine.
- Digital Credentials “Use-After-Free” (CVE-2025-13633): Google’s internal security team discovered a “Use-After-Free” vulnerability in the Digital Credentials component. This type of memory error occurs when a program attempts to use memory after it has been freed, a common vector for crashing applications or executing malicious code.
- DevTools Flaw (CVE-2025-13632): A high-severity issue in Chrome DevTools was reported by Leandro Teles. While the specific bounty amount is still “To Be Determined” (TBD), vulnerabilities in developer tools can sometimes be exploited to trick users into executing harmful code via self-XSS or other social engineering tactics.
Google has restricted access to the specific bug details to prevent widespread exploitation while users update. However, the presence of V8 and Updater vulnerabilities makes this a critical patch for all desktop users.
The update will roll out automatically over the coming days. Users can force the update immediately by navigating to Menu > Help > About Google Chrome.
Donate