Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution

Google has released an important security update for Chrome Stable Channel, addressing a high-severity vulnerability in the browser’s V8 JavaScript engine. The patch, now rolling out to users on Windows (142.0.7444.162/.163), macOS (142.0.7444.162), and Linux (142.0.7444.162), contains a single but critical fix that impacts Chrome’s JavaScript execution layer.

The vulnerability, CVE-2025-13042, lies in V8, Chrome’s open-source JavaScript and WebAssembly engine responsible for executing code within webpages. Google described it as an “inappropriate implementation in V8”, suggesting a flaw in how the engine handles certain operations or object types that could potentially lead to type confusion, memory corruption, or arbitrary code execution.

While Google did not disclose detailed technical information — citing ongoing rollout and dependency on third-party libraries — past V8 vulnerabilities of similar nature have been exploited to achieve sandbox escapes or remote code execution through maliciously crafted web content.

While there is currently no evidence of active exploitation, vulnerabilities in Chrome’s V8 engine have historically been high-value targets for threat actors, especially for zero-day exploits used in spear-phishing and watering hole attacks.

The update to Chrome 142.0.7444.162/.163 is rolling out to users over the coming days and weeks for Windows, Mac, and Linux desktops.

Users should take the following steps immediately:

1. Open Chrome and navigate to chrome://settings/help.
2. Verify that it reads Version 142.0.7444.162 or higher.
3. If not, manually trigger an update and restart the browser.

Related Posts:

• Google Chrome Patches Three High-Severity Flaws in V8 Engine
• Chrome Update Alert: Two High-Severity Flaws Patched – Update Now to Stay Safe!
• Google Rolls Out Chrome 142 Patching 20 Security Flaws
• Chrome Emergency Fix: Three High-Severity Flaws in WebGPU and V8 Engine Risk RCE
• Chrome 141 Stable Channel Update Patches High-Severity Vulnerabilities (CVE-2025-11205 & CVE-2025-11206)

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.