The Google Chrome team has urgently promoted Chrome version 142 to the stable channel for Windows, Mac, and Linux, addressing a major security risk for all desktop users.
The update, version 142.0.7444.59 (Linux), 142.0.7444.59/60 (Windows), and 142.0.7444.60 (Mac), includes a total of 20 security fixes. A significant portion of these are High-severity vulnerabilities, including memory-related flaws in the V8 JavaScript engine, a class of bug that can often lead to Remote Code Execution (RCE).
External researchers received over $120,000 in bug bounties for responsibly disclosing the flaws.
Among the most serious are five High-severity vulnerabilities in the V8 JavaScript engine, which powers Chrome’s dynamic content execution.
- CVE-2025-12428 — Type Confusion in V8, reported by Man Yue Mo of GitHub Security Lab, awarded $50,000.
- CVE-2025-12429 — Inappropriate implementation in V8, reported by Aorui Zhang, also awarded $50,000.
- CVE-2025-12432 — Race condition in V8, reported by Google Big Sleep.
- CVE-2025-12433 — Inappropriate implementation in V8, reported by Google Big Sleep.
- CVE-2025-12036 — Inappropriate implementation in V8, reported by Google Big Sleep.
These flaws could potentially allow remote attackers to execute arbitrary code via crafted JavaScript objects or web content, making them among the most serious issues fixed in this release.
Beyond V8, researchers discovered several other notable issues affecting Chrome’s media, extensions, storage, and UI components:
- CVE-2025-12430 — Object lifecycle issue in Media, reported by round.about — $10,000.
- CVE-2025-12431 — Inappropriate implementation in Extensions, reported by Alesandro Ortiz — $4,000.
- CVE-2025-12434 — Race condition in Storage, reported by Lijo A.T — $3,000.
- CVE-2025-12435 — Incorrect security UI in Omnibox, reported by Hafiizh — $3,000.
- CVE-2025-12437 — Use-after-free in PageInfo, reported by Umar Farooq — $2,000.
UI-related flaws also made a notable appearance. Chrome’s Omnibox, SplitView, and Fullscreen UI contained low to medium severity issues involving incorrect security indicators and policy bypasses.
Google credited Khalil Zhani, Hafiizh, and Thomas Greiner for multiple discoveries across those components.
Several medium-severity vulnerabilities were also addressed, including:
- CVE-2025-12439 — Inappropriate implementation in App-Bound Encryption, reported by Ari Novick.
- CVE-2025-12443 — Out-of-bounds read in WebXR, reported by Aisle Research.
- CVE-2025-12438 — Use-after-free in Ozone, reported by Wei Yuan of MoyunSec VLab.
Some of these flaws affected emerging Chrome features such as WebXR (Extended Reality) and App-Bound Encryption, underscoring how the browser’s attack surface expands as new capabilities are integrated.
The Chrome team advises users to ensure their browsers are updated to version 142.0.7444.60 or higher. Updates are being rolled out automatically, but users can manually trigger an update by navigating to: Settings → About Google Chrome → Check for updates.
Enterprise administrators are encouraged to deploy the update organization-wide, especially for systems that rely on Chrome’s embedded engine for web-based applications.
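For administrators verifying the rollout, the following added example (not from the Chrome team or the original article) checks reported Chrome versions against the per-platform fixed builds listed above. The host names, version strings, and status labels are constructed for illustration; the comparison is numeric per component, since a plain string comparison would wrongly rank 142.0.7444.9 above 142.0.7444.59.

```python
import re

# Fixed builds per platform, as listed in the article.
FIXED_BUILDS = {
    "linux": (142, 0, 7444, 59),
    "windows": (142, 0, 7444, 59),  # article lists .59/.60; .59 is the floor
    "mac": (142, 0, 7444, 60),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, reported):
    """Compare a reported version string against the platform's fixed build."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    if fixed is None:
        return "unknown-platform"
    version = parse_version(reported)
    if version is None:
        return "unparseable"
    # Tuple comparison is numeric per component, so .9 sorts below .59.
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, platform, version)."""
    return {host: classify(platform, reported) for host, platform, reported in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 142.0.7444.60"),
    ("ws-002", "Windows", "142.0.7444.9"),
    ("lx-001", "Linux", "Google Chrome 142.0.7444.59 "),
    ("mac-001", "Mac", "142.0.7444.59"),
    ("mac-002", "Mac", "143.0.1.0"),
    ("kiosk-7", "ChromeOS", "142.0.7444.60"),
    ("ws-003", "Windows", "version unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparseable` or `unknown-platform` should be reviewed manually rather than assumed patched.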