Chrome 142 Released With Fixes for 20 Vulnerabilities That Allow Malicious Code Execution


Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users.

The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats.

This version addresses 20 vulnerabilities, many of which could enable attackers to execute malicious code remotely, potentially compromising user data and system integrity.

The update underscores Google’s commitment to rapid response in the face of evolving browser-based attacks.

Chrome 142.0.7444.59 for Linux, 142.0.7444.59/60 for Windows, and 142.0.7444.60 for Mac incorporate a range of fixes and performance improvements.

Detailed change logs are available through Chromium’s source repository, highlighting enhancements in rendering, stability, and user interface.

While full details on new features will appear in upcoming posts on the Chrome and Chromium blogs, the immediate priority is bolstering defenses against exploitation attempts.

Security experts recommend users enable automatic updates to mitigate risks promptly, as unpatched browsers remain prime targets for cybercriminals.

Chrome 142 Released – Fix for 20 Vulnerabilities

The update includes 20 security fixes covering a wide range of vulnerabilities. Details about the bugs will initially remain confidential to allow for global deployment and to avoid facilitating active exploits.

Several fixes come from external researchers, who earned bounties under Google’s Vulnerability Reward Program, while others result from internal audits and from tools such as AddressSanitizer (a memory-error detector) and libFuzzer (a fuzzing engine).

High-severity issues dominate, particularly in the V8 JavaScript engine, where type confusion, race conditions, and inappropriate implementations could lead to arbitrary code execution.

Media handling and extensions also receive attention, closing gaps that might allow unauthorized access or policy bypasses. Lower-severity fixes address UI inconsistencies and storage races, preventing subtle but persistent risks.

For a breakdown of key externally reported vulnerabilities, see the table below:

| CVE ID | Severity | Description | Reporter | Bounty | Report Date |
|---|---|---|---|---|---|
| CVE-2025-12428 | High | Type Confusion in V8 | Man Yue Mo (GitHub Security Lab) | $50,000 | 2025-09-26 |
| CVE-2025-12429 | High | Inappropriate implementation in V8 | Aorui Zhang | $50,000 | 2025-10-10 |
| CVE-2025-12430 | High | Object lifecycle issue in Media | round.about | $10,000 | 2025-09-04 |
| CVE-2025-12431 | High | Inappropriate implementation in Extensions | Alesandro Ortiz | $4,000 | 2025-08-06 |
| CVE-2025-12432 | High | Race in V8 | Google Big Sleep | N/A | 2025-08-18 |
| CVE-2025-12433 | High | Inappropriate implementation in V8 | Google Big Sleep | N/A | 2025-10-07 |
| CVE-2025-12036 | High | Inappropriate implementation in V8 | Google Big Sleep | N/A | 2025-10-15 |
| CVE-2025-12434 | Medium | Race in Storage | Lijo A.T | $3,000 | 2024-04-27 |
| CVE-2025-12435 | Medium | Incorrect security UI in Omnibox | Hafiizh | $3,000 | 2025-09-21 |
| CVE-2025-12436 | Medium | Policy bypass in Extensions | Luan Herrera (@lbherrera_) | $2,000 | 2021-02-08 |

(Additional medium and low-severity fixes include use-after-free errors in PageInfo and Ozone, out-of-bounds reads in V8 and WebXR, and UI issues in Autofill, Fullscreen, and SplitView, reported by researchers like Umar Farooq, Wei Yuan, and Khalil Zhani.)

Google extends thanks to contributors who helped squash these bugs before they hit production. Internal efforts, including fuzzing and sanitizer tools, accounted for numerous fixes, preventing a wide array of potential exploits.

As browser usage surges amid rising phishing and malware campaigns, this release reinforces Chrome’s position as a secure default for billions. Users should verify updates via chrome://settings/help to stay protected.
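For administrators checking many machines rather than one browser, the fixed builds listed in this article can be turned into an inventory check. The Python script below is an added example, not code from Google or Chromium; the inventory format, host names and reported version strings in it are constructed for illustration.

```python
import re

# Lowest fixed Chrome 142 stable build per platform, as listed in this article.
FIXED_BUILD = {
    "linux": (142, 0, 7444, 59),
    "windows": (142, 0, 7444, 59),  # article lists .59/.60; .59 is the lower one
    "mac": (142, 0, 7444, 60),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull a four-part version out of text such as 'Google Chrome 142.0.7444.59'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(os_name, version_text):
    """Return 'patched', 'outdated', or 'unknown' for one reported version."""
    fixed = FIXED_BUILD.get(os_name.lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # unrecognised platform or unparseable version: review by hand
    # Tuples compare field by field, so 142.0.7444.100 > 142.0.7444.59 as intended.
    return "patched" if found >= fixed else "outdated"

def audit(inventory_text):
    """Map each host in a 'host,os,version string' inventory to its status."""
    results = {}
    for line in inventory_text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",", 2)
        if len(parts) == 3:
            host, os_name, version_text = (p.strip() for p in parts)
            results[host] = classify(os_name, version_text)
    return results

# Constructed sample inventory (hypothetical hosts and values).
SAMPLE_INVENTORY = """
# host,os,reported version string
ws-001,windows,Google Chrome 142.0.7444.60
ws-002,windows,Google Chrome 141.0.7390.54
mac-007,mac,Google Chrome 142.0.7444.59
lnx-010,linux,Google Chrome 142.0.7444.59
lnx-011,linux,Chromium (version unavailable)
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The same build number can be current on one platform and behind on another: .59 meets the Linux and Windows builds listed above but is below the .60 build listed for Mac.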
