Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution

Google has released an important security update for Chrome Stable Channel, addressing a high-severity vulnerability in the browser’s V8 JavaScript engine. The patch, now rolling out to users on Windows (142.0.7444.162/.163), macOS (142.0.7444.162), and Linux (142.0.7444.162), contains a single but critical fix that impacts Chrome’s JavaScript execution layer.

The vulnerability, CVE-2025-13042, lies in V8, Chrome’s open-source JavaScript and WebAssembly engine responsible for executing code within webpages. Google described it as an “inappropriate implementation in V8”, suggesting a flaw in how the engine handles certain operations or object types that could potentially lead to type confusion, memory corruption, or arbitrary code execution.

While Google did not disclose detailed technical information — citing ongoing rollout and dependency on third-party libraries — past V8 vulnerabilities of similar nature have been exploited to achieve sandbox escapes or remote code execution through maliciously crafted web content.

While there is currently no evidence of active exploitation, vulnerabilities in Chrome’s V8 engine have historically been high-value targets for threat actors, especially for zero-day exploits used in spear-phishing and watering hole attacks.

The update to Chrome 142.0.7444.162/.163 is rolling out to users over the coming days and weeks for Windows, Mac, and Linux desktops.

Users should take the following steps immediately:

Open Chrome and navigate to chrome://settings/help.
Verify that it reads Version 142.0.7444.162 or higher.
If not, manually trigger an update and restart the browser.

Rate this post

Related Posts:

Found this helpful?

Leave a Reply Cancel reply