{"id":8053,"date":"2025-10-30T10:03:35","date_gmt":"2025-10-30T10:03:35","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/10\/30\/chrome-142-released-with-fix-for-20-vulnerabilities-that-allows-malicious-code-execution\/"},"modified":"2025-10-30T10:03:35","modified_gmt":"2025-10-30T10:03:35","slug":"chrome-142-released-with-fix-for-20-vulnerabilities-that-allows-malicious-code-execution","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/10\/30\/chrome-142-released-with-fix-for-20-vulnerabilities-that-allows-malicious-code-execution\/","title":{"rendered":"Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution"},"content":{"rendered":"

Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users. <\/p>\n

The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats. <\/p>\n

This version addresses 20 vulnerabilities<\/a>, many of which could enable attackers to execute malicious code remotely, potentially compromising user data and system integrity.<\/p>\n

The update underscores Google\u2019s commitment to rapid response in the face of evolving browser-based attacks.<\/p>\n

Chrome 142.0.7444.59 for Linux, 142.0.7444.59\/60 for Windows, and 142.0.7444.60 for Mac incorporate a range of fixes and performance improvements. <\/p>\n

Detailed change logs are available through Chromium\u2019s source repository, highlighting enhancements in rendering, stability, and user interface. <\/p>\n

While full details on new features will appear in upcoming posts on the Chrome and Chromium blogs, the immediate priority is bolstering defenses against exploitation attempts. <\/p>\n

Security experts recommend users enable automatic updates to mitigate risks promptly, as unpatched browsers remain prime targets for cybercriminals.<\/p>\n

\nChrome 142 Released<\/strong> \u2013 Fix for 20 Vulnerabilities<\/strong>
\n<\/h2>\n

The update addresses a wide range of vulnerabilities, including 20 security patches. Details about the bugs will initially remain confidential to allow for global deployment and to prevent facilitating active exploits.<\/p>\n

Several fixes arise from external researchers, earning bounties under Google\u2019s Vulnerability Reward Program<\/a>, while others result from internal audits and fuzzing tools like AddressSanitizer and libFuzzer.<\/p>\n

High-severity issues dominate, particularly in the V8 JavaScript engine, where type confusion, race conditions, and inappropriate implementations could lead to arbitrary code execution. <\/p>\n

Media handling and extensions also receive attention, closing gaps that might allow unauthorized access or policy bypasses. Lower-severity fixes address UI inconsistencies and storage races, preventing subtle but persistent risks.<\/p>\n

For a breakdown of key externally reported vulnerabilities, see the table below:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE ID<\/th>\nSeverity<\/th>\nDescription<\/th>\nReporter<\/th>\nBounty<\/th>\nReport Date<\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-12428<\/td>\nHigh<\/td>\n\nType Confusion<\/a> in V8<\/td>\nMan Yue Mo (GitHub Security Lab)<\/td>\n$50,000<\/td>\n2025-09-26<\/td>\n<\/tr>\n
CVE-2025-12429<\/td>\nHigh<\/td>\nInappropriate implementation in V8<\/td>\nAorui Zhang<\/td>\n$50,000<\/td>\n2025-10-10<\/td>\n<\/tr>\n
CVE-2025-12430<\/td>\nHigh<\/td>\nObject lifecycle issue in Media<\/td>\nround.about<\/td>\n$10,000<\/td>\n2025-09-04<\/td>\n<\/tr>\n
CVE-2025-12431<\/td>\nHigh<\/td>\nInappropriate implementation in Extensions<\/td>\nAlesandro Ortiz<\/td>\n$4,000<\/td>\n2025-08-06<\/td>\n<\/tr>\n
CVE-2025-12432<\/td>\nHigh<\/td>\nRace in V8<\/td>\nGoogle Big Sleep<\/td>\nN\/A<\/td>\n2025-08-18<\/td>\n<\/tr>\n
CVE-2025-12433<\/td>\nHigh<\/td>\nInappropriate implementation in V8<\/td>\nGoogle Big Sleep<\/td>\nN\/A<\/td>\n2025-10-07<\/td>\n<\/tr>\n
CVE-2025-12036<\/td>\nHigh<\/td>\nInappropriate implementation in V8<\/td>\nGoogle Big Sleep<\/td>\nN\/A<\/td>\n2025-10-15<\/td>\n<\/tr>\n
CVE-2025-12434<\/td>\nMedium<\/td>\nRace in Storage<\/td>\nLijo A.T<\/td>\n$3,000<\/td>\n2024-04-27<\/td>\n<\/tr>\n
CVE-2025-12435<\/td>\nMedium<\/td>\nIncorrect security UI in Omnibox<\/td>\nHafiizh<\/td>\n$3,000<\/td>\n2025-09-21<\/td>\n<\/tr>\n
CVE-2025-12436<\/td>\nMedium<\/td>\nPolicy bypass in Extensions<\/td>\nLuan Herrera (@lbherrera_)<\/td>\n$2,000<\/td>\n2021-02-08<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

(Additional medium and low-severity fixes include use-after-free<\/a> errors in PageInfo and Ozone, out-of-bounds reads in V8 and WebXR, and UI issues in Autofill, Fullscreen, and SplitView, reported by researchers like Umar Farooq, Wei Yuan, and Khalil Zhani.)<\/p>\n

Google extends thanks to contributors who helped squash these bugs before they hit production. Internal efforts, including fuzzing and sanitizer tools, accounted for numerous fixes, preventing a wide array of potential exploits.<\/p>\n

As browser usage surges amid rising phishing and malware campaigns, this release reinforces Chrome\u2019s position as a secure default for billions. Users should verify updates via chrome:\/\/settings\/help to stay protected.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Guru Baran
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users. The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats. This […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,416,131],"tags":[130],"class_list":["post-8053","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerabilities","category-vulnerability","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8053"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8053"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8053\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}