{"id":9273,"date":"2025-12-17T10:04:17","date_gmt":"2025-12-17T10:04:17","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/12\/17\/chrome-security-update-patch-for-critical-vulnerabilities-that-enables-remote-code-execution\/"},"modified":"2025-12-17T10:04:17","modified_gmt":"2025-12-17T10:04:17","slug":"chrome-security-update-patch-for-critical-vulnerabilities-that-enables-remote-code-execution","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/12\/17\/chrome-security-update-patch-for-critical-vulnerabilities-that-enables-remote-code-execution\/","title":{"rendered":"Chrome Security Update \u2013 Patch for Critical Vulnerabilities that Enables Remote Code Execution"},"content":{"rendered":"<p>    Chrome Security Update \u2013 Patch for Critical Vulnerabilities that Enables Remote Code Execution<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Google has released Chrome version 143.0.7499.146\/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems.<\/p>\n<p>The update is now rolling out to Windows and Mac users, with Linux receiving version 143.0.7499.146. Full deployment is expected over the coming days and weeks.<\/p>\n<p>The latest stable release includes two high-severity security fixes that pose significant risks to user systems.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-google-s-patch-and-security-fixes\"><strong>Google\u2019s Patch and Security Fixes<\/strong><\/h2>\n<p>Security researchers have identified these vulnerabilities as particularly dangerous due to their potential for remote exploitation.<\/p>\n<p>CVE-2025-14765: <a href=\"https:\/\/cybersecuritynews.com\/use-after-free-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">Use-After-Free<\/a> in WebGPU\u00a0represents a critical flaw in Chrome\u2019s graphics processing capabilities.<\/p>\n<p>Discovered by an anonymous researcher on September 30, 2025, this vulnerability allows attackers to exploit memory management errors.<\/p>\n<p>Google is offering a $10,000 <a href=\"https:\/\/cybersecuritynews.com\/what-is-bug-bounty-program-why-organization-needs-them\/\" target=\"_blank\" rel=\"noreferrer noopener\">bug bounty<\/a> for this discovery, reflecting the severity of the issue.<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">CVE ID<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Component<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Vulnerability Type<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Bounty<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>CVE-2025-14765<\/strong><\/td>\n<td>WebGPU<\/td>\n<td>Use After Free<\/td>\n<td>$10,000<\/td>\n<\/tr>\n<tr>\n<td><strong>CVE-2025-14766<\/strong><\/td>\n<td>V8 JavaScript Engine<\/td>\n<td>Out of Bounds Read and Write<\/td>\n<td>TBD<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>A <a href=\"https:\/\/cybersecuritynews.com\/google-chrome-use-after-free-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">use-after-free<\/a> vulnerability typically enables attackers to execute arbitrary code by manipulating freed memory, potentially compromising system security.<\/p>\n<p>CVE-2025-14766: Out-of-Bounds Read and Write in V8\u00a0is another high-risk vulnerability affecting Chrome\u2019s JavaScript engine.<\/p>\n<p>Reported by security researcher Shaheen Fazim on December 8, 2025, this flaw allows unauthorized memory access, potentially leading to data theft or code execution.<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/out-of-bounds-read-and-write\/\" target=\"_blank\" rel=\"noreferrer noopener\">Out-of-bounds<\/a> operations in core engine components, such as V8, are hazardous because they affect fundamental browser operations.<\/p>\n<p>Windows and Mac users should expect the update to install automatically over the coming weeks.<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/windows-update-breaks-vps-access\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux users<\/a> running Chrome can manually check for updates by navigating to Settings &gt; About Chrome, then selecting the option to force an immediate installation.<\/p>\n<p>Google recommends prioritizing this update because the vulnerabilities it addresses are critical.<\/p>\n<p>Google employs multiple advanced detection methods to identify and prevent vulnerabilities from reaching stable <a href=\"https:\/\/chromereleases.googleblog.com\/2025\/12\/stable-channel-update-for-desktop_16.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">releases<\/a>.<\/p>\n<p>These include AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.<\/p>\n<p>The company collaborates with external security researchers throughout development cycles to enhance browser security.<\/p>\n<p>Users should ensure their Chrome installation is fully updated to protect against potential exploitation of these vulnerabilities. Organizations managing multiple systems should prioritize deploying this critical patch.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/chrome-security-update-dec\/\">Chrome Security Update \u2013 Patch for Critical Vulnerabilities that Enables Remote Code Execution<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/chrome-security-update-dec\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chrome Security Update \u2013 Patch for Critical Vulnerabilities that Enables Remote Code Execution Google has released Chrome version 143.0.7499.146\/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems. The update is now rolling out to Windows and Mac users, with Linux receiving version 143.0.7499.146. Full deployment is expected over the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[768,129,63,2178,648],"tags":[130],"class_list":["post-9273","post","type-post","status-publish","format-standard","hentry","category-chrome","category-cyber-security","category-cyber-security-news","category-security-updates","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9273"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9273"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9273\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}