Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Google has swiftly addressed a high-severity flaw in its Chrome browser\u2019s V8 JavaScript engine, releasing an emergency update to thwart potential remote code execution attacks.<\/p>\n
The vulnerability, tracked as CVE-2025-12036, stems from an inappropriate implementation within V8, the open-source JavaScript and WebAssembly engine powering Chrome\u2019s rendering capabilities.<\/p>\n
Discovered and reported internally by Google\u2019s AI-driven security tool<\/a>, Big Sleep, on October 15, 2025, the issue could allow malicious websites to execute arbitrary code on users\u2019 devices without any interaction beyond visiting a compromised page.<\/p>\n This patch arrives just days after the discovery, underscoring Google\u2019s commitment to rapid response in browser security. The Stable channel update rolls out to version 141.0.7390.122\/.123 for Windows and macOS users, and 141.0.7390.122 for Linux.<\/p>\n Over the coming days and weeks, billions of Chrome users worldwide will receive this fix automatically, minimizing exposure. A detailed changelog highlights the security enhancements, though full bug details remain restricted until most users update to prevent exploitation.<\/p>\n At its core, V8 processes JavaScript code efficiently to enable dynamic web experiences, from interactive maps to online banking interfaces. However, the flaw in CVE-2025-12036 exploits a mishandled implementation that bypasses Chrome\u2019s sandbox protections<\/a>.<\/p>\n Attackers could craft malicious scripts to read sensitive memory or inject code, potentially leading to data theft, malware installation, or full system compromise. Rated \u201cHigh\u201d severity, it aligns with past V8 vulnerabilities that have been weaponized in drive-by downloads and phishing campaigns.<\/p>\n Security experts note this isn\u2019t an isolated incident; V8 has been a frequent target due to its central role in web browsing.<\/p>\n Google\u2019s proactive detection via Big Sleep, a machine learning system scanning for anomalies, prevented the bug from reaching stable releases. The company also credits tools like AddressSanitizer and libFuzzer for ongoing fuzzing efforts that catch such issues early.<\/p>\n This update reinforces<\/a> the importance of timely patching in an era of escalating browser-based threats. With Chrome holding over 65% market share, vulnerabilities here ripple across the internet ecosystem.<\/p>\n Users are urged to enable automatic updates and avoid suspicious sites. Google thanks external researchers for their contributions, emphasizing collaborative defenses against evolving attacks.<\/p>\n As cyber threats grow more sophisticated, incidents like this highlight the need for AI-assisted vigilance in software development.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nChrome V8 JavaScript Engine Vulnerability<\/strong><\/h2>\n