Google has released Chrome version 143.0.7499.146/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems.
The update is now rolling out to Windows and Mac users, with Linux receiving version 143.0.7499.146. Full deployment is expected over the coming days and weeks.
The latest stable release includes two high-severity security fixes that pose significant risks to user systems.
Google’s Patch and Security Fixes
Security researchers have identified these vulnerabilities as particularly dangerous due to their potential for remote exploitation.
CVE-2025-14765: Use-After-Free in WebGPU represents a critical flaw in Chrome’s graphics processing capabilities.
Discovered by an anonymous researcher on September 30, 2025, this vulnerability allows attackers to exploit memory management errors.
Google is offering a $10,000 bug bounty for this discovery, reflecting the severity of the issue.
| CVE ID | Component | Vulnerability Type | Bounty |
|---|---|---|---|
| CVE-2025-14765 | WebGPU | Use After Free | $10,000 |
| CVE-2025-14766 | V8 JavaScript Engine | Out of Bounds Read and Write | TBD |
A use-after-free vulnerability typically enables attackers to execute arbitrary code by manipulating freed memory, potentially compromising system security.
CVE-2025-14766: Out-of-Bounds Read and Write in V8 is another high-risk vulnerability affecting Chrome’s JavaScript engine.
Reported by security researcher Shaheen Fazim on December 8, 2025, this flaw allows unauthorized memory access, potentially leading to data theft or code execution.
Out-of-bounds operations in core engine components, such as V8, are hazardous because they affect fundamental browser operations.
Windows and Mac users should expect the update to install automatically over the coming weeks.
Linux users running Chrome can manually check for updates by navigating to Settings > About Chrome, then selecting the option to force an immediate installation.
Google recommends prioritizing this update because the vulnerabilities it addresses are critical.
Google employs multiple advanced detection methods to identify and prevent vulnerabilities from reaching stable releases.
These include AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.
The company collaborates with external security researchers throughout development cycles to enhance browser security.
Users should ensure their Chrome installation is fully updated to protect against potential exploitation of these vulnerabilities. Organizations managing multiple systems should prioritize deploying this critical patch.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
