Google has released an emergency security update for the Chrome browser, addressing two high-severity vulnerabilities that could enable remote code execution attacks.
The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.
Critical Vulnerabilities Patched
The update fixes two significant security flaws reported by external security researchers.
The first vulnerability, CVE-2025-14765, is a use-after-free bug in WebGPU that an anonymous researcher reported on September 30, 2025. Google awarded a $10,000 bug bounty for this discovery.
| CVE ID | Severity | Vulnerability Type | Component | Reporter | Report Date | Reward |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-14765 | High | Use after free | WebGPU | Anonymous | September 30, 2025 | $10,000 |
| CVE-2025-14766 | High | Out of bounds read and write | V8 | Shaheen Fazim | December 8, 2025 | TBD |
The second flaw, CVE-2025-14766, involves out-of-bounds read and write issues in the V8 JavaScript engine.
Security researcher Shaheen Fazim reported this vulnerability on December 8, 2025. The reward amount for this finding is currently listed as “to be determined.”
Both vulnerabilities carry high-severity ratings and pose serious security risks. Use-after-free bugs occur when a program attempts to access memory that has already been freed, potentially allowing attackers to execute arbitrary code.
Similarly, out-of-bounds vulnerabilities in V8 could enable attackers to read or write data beyond allocated memory boundaries, leading to code execution or information disclosure.
Chrome users should update their browsers immediately to protect against potential exploitation.
The browser typically updates automatically, but users can manually check for updates by navigating to Chrome’s settings menu.
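For administrators checking many machines rather than one, the sketch below is an added example (not from Google or the original article) that flags version strings older than the fixed build. It assumes the lower of the two builds named above, 143.0.7499.146, is the minimum on every platform; the hostnames and inventory strings are constructed sample data.

```python
import re

# Fixed stable build named in the article (143.0.7499.146/.147); the lower
# of the two is used as the minimum for every platform (assumption).
PATCHED = (143, 0, 7499, 146)

# Exactly four dotted numeric fields, not part of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the four-part version found in text as a tuple, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(text, patched=PATCHED):
    """Classify one version string: 'patched', 'vulnerable' or 'unknown'."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"
    # Tuples compare numerically field by field, so 7499.99 < 7499.146,
    # which a plain string comparison would get wrong.
    return "patched" if version >= patched else "vulnerable"


def audit(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "ws-01": "Google Chrome 143.0.7499.147",
    "ws-02": "Google Chrome 143.0.7499.99",
    "ws-03": "Google Chrome 142.0.7444.176 ",
    "ws-04": "Google Chrome 144.0.7500.2 beta",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parseable version and need a manual check rather than being counted as patched.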
Google has restricted access to detailed bug information until most users install the security patches, following standard responsible disclosure practices.
Google continues to employ advanced detection tools, including AddressSanitizer, MemorySanitizer, and libFuzzer, to identify security vulnerabilities during the development cycle and prevent bugs from reaching stable releases.
