Google has released an emergency security update for Chrome across all platforms, rolling out version 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities.
The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core components that could expose users to remote code execution attacks.
The emergency release came on November 5, 2025, and will gradually roll out across Windows, Mac, and Linux systems over the coming days and weeks.
Users are strongly encouraged to update their browsers immediately to protect against potential exploitation.
Google has indicated that access to detailed bug information will remain restricted until a majority of users have installed the security patches, a standard practice designed to prevent widespread attacks during the update rollout phase.
Critical WebGPU Vulnerability Takes Priority
The most severe vulnerability addressed in this update is CVE-2025-12725, classified as a high-severity out-of-bounds write flaw in Chrome’s WebGPU implementation.
This graphics processing vulnerability was initially reported on September 9, 2025, but remained undisclosed during development and testing.
Out-of-bounds write vulnerabilities are particularly dangerous because they allow attackers to write data beyond intended memory boundaries, potentially enabling remote code execution when exploited adequately through malicious web content.
The second major vulnerability, CVE-2025-12726, involves an improper implementation in the Views component and is also rated high severity.
This was reported on September 25, 2025, and similarly represents a significant threat to browser security.
The Views system handles user interface rendering and window management, making vulnerabilities in this layer particularly dangerous from an attack surface perspective.
Chrome’s V8 JavaScript engine also required attention in this update with CVE-2025-12727, another high-severity vulnerability involving inappropriate implementation.
The V8 engine executes all JavaScript code in the browser, making any vulnerability here a critical concern for users visiting malicious websites. This vulnerability was discovered on October 23, 2025, by security researcher 303f06e3.
Two additional medium-severity vulnerabilities affecting Chrome’s Omnibox search and navigation bar were also patched.
CVE-2025-12728 and CVE-2025-12729 both involve inappropriate implementations in the Omnibox component, reported by researchers Hafiizh and Khalil Zhani, respectively.
Although classified as medium severity rather than critical, these vulnerabilities still pose significant security risks and warrant inclusion in the emergency update.
The desktop update reaches Windows users via versions 142.0.7444.134 and 142.0.7444.135, Mac users through 142.0.7444.134, and Linux users with the same version number.
Android users will receive identical security fixes through the same version update process via Google Play over the coming days.
iOS users previously received Chrome Stable version 142.0.7444.128 on November 4, which aligns with the security improvements outlined in this desktop release.
Google’s security team used multiple advanced detection technologies to identify and prevent these vulnerabilities from reaching users sooner, including AddressSanitizer, MemorySanitizer, and fuzzing.
The company continues working with external security researchers to maintain browser security throughout development cycles, and users can report new vulnerabilities through Chrome’s official bug reporting system to support ongoing protective efforts.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.