Google has released Chrome version 142.0.7444.162/.163 to address a high-severity security vulnerability in the V8 JavaScript engine.
The stable channel update is now rolling out across Windows, Mac, and Linux platforms over the coming days and weeks.
The security fix addresses CVE-2025-13042, classified as a “High” severity vulnerability involving an inappropriate implementation in V8, Chrome’s core JavaScript engine. The vulnerability was reported on November 3, 2025, by a security researcher with the alias 303f06e3.
This issue could allow attackers to exploit the V8 engine through specially crafted JavaScript code.
Chrome Security Update
The version 142.0.7444.162/.163 release includes one confirmed security fix addressing the V8 engine flaw.
Google maintains a comprehensive list of all changes in this build on their Chromium source repository for users who want detailed technical information about the update, and deploys it gradually across all supported platforms.
| CVE ID | Severity | Component | Issue Type | Affected Versions |
|---|---|---|---|---|
| CVE-2025-13042 | High | V8 Engine | Inappropriate Implementation | Chrome < 142.0.7444.162 |
Users may not see the update immediately, as Google typically releases it over days or weeks to monitor stability and ensure no new issues emerge during the rollout process.
Google continues to highlight the contributions of external security researchers who responsibly identify and report vulnerabilities.
The company uses multiple detection tools, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL, to catch security bugs before they reach users.
While the rollout is automatic for most Chrome users, it’s recommended that you ensure your browser is up to date.
Users can verify their current version in Chrome settings under “About Chrome,” which automatically checks for and installs available updates.
Google restricts detailed information about security vulnerabilities until the majority of users receive patches. This responsible disclosure approach prevents attackers from exploiting known issues while fixes are being deployed.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
