Ddos 
Google has released a Stable Channel Update for Chrome Desktop (version 142.0.7444.134/.135) for Windows, macOS, and Linux systems, addressing five security vulnerabilities, including three high-severity flaws that could lead to memory corruption, sandbox escapes, or arbitrary code execution.
The first high-severity issue, tracked as CVE-2025-12725, involves an out-of-bounds write vulnerability in WebGPU, reported by an anonymous researcher on September 9, 2025.
This flaw arises from improper bounds checking when handling GPU memory operations through the WebGPU API, a modern graphics interface designed for high-performance rendering and machine learning workloads in browsers. If exploited, it could allow a remote attacker to write data beyond allocated memory regions, potentially leading to browser crashes or arbitrary code execution in the GPU process.
Given WebGPU’s low-level access to system resources, such flaws pose a significant risk for both desktop and integrated GPU environments, especially when chained with sandbox escape exploits. Google has classified this issue as high severity and awarded a security bounty to the anonymous researcher.
The second high-severity vulnerability, CVE-2025-12726, was discovered by security researcher Alesandro Ortiz and reported on September 25, 2025.
It involves an inappropriate implementation within the Views component, which handles Chrome’s user interface rendering and window management. Insecure handling of widget or UI object references could allow malicious web content or extensions to trigger memory corruption or access sensitive objects in unintended contexts.
The third high-severity issue, CVE-2025-12727, affects V8, Chrome’s JavaScript and WebAssembly engine. Reported by the researcher known as “303f06e3” on October 23, 2025, this vulnerability stems from an inappropriate implementation of internal memory handling in the V8 engine’s execution layer.
Flaws in V8 are particularly dangerous, as they often allow remote attackers to execute arbitrary code by crafting malicious JavaScript payloads that manipulate the engine’s just-in-time (JIT) compilation process.
Although Google has not yet released technical details, this vulnerability is presumed to involve type confusion or memory mismanagement, both common attack vectors used in zero-day exploits targeting Chrome users.
Historically, V8 vulnerabilities have been among the most actively exploited by threat actors before patches were fully deployed.
In addition to the three high-severity vulnerabilities, Google also patched two medium-severity flaws in Chrome’s Omnibox component — the unified search and address bar used for URL input and suggestions.
- CVE-2025-12728, reported by Hafiizh on October 16, 2025, and
- CVE-2025-12729, reported by Khalil Zhani on October 23, 2025,
were both described as “inappropriate implementations in Omnibox.” While Google did not specify the exact attack vectors, such issues could potentially allow data leaks or spoofing of search suggestions, enabling phishing or user interface manipulation attacks.
Google advises all users to update Chrome immediately by navigating to Settings → Help → About Google Chrome, which will trigger an automatic update to the latest secure version 142.0.7444.134/.135.
Related Posts:
- Firefox 141 Arrives: AI Tab Grouping, Linux Memory Boosts, and WebGPU on Windows
- Chrome 141 Stable Channel Update Patches High-Severity Vulnerabilities (CVE-2025-11205 & CVE-2025-11206)
- Google Rolls Out Chrome 142 Patching 20 Security Flaws
- Chrome Update Alert: Two High-Severity Flaws Patched – Update Now to Stay Safe!
- Google Chrome Patches Three High-Severity Flaws in V8 Engine
Donate