Google has officially promoted Chrome version 142 to the stable channel, introducing critical security fixes for Windows, Mac, and Linux users. The update rollout begins immediately and will expand globally over the coming days to ensure broad protection against newly identified threats.
The release addresses 20 vulnerabilities, several of which could allow remote code execution—potentially compromising user data and system integrity. This update underscores Google’s continued emphasis on rapid mitigation of browser-based security risks.
Chrome 142.0.7444.59 for Linux, 142.0.7444.59/60 for Windows, and 142.0.7444.60 for Mac include a range of performance, stability, and rendering improvements. While details on new features will be shared later on the official Chrome and Chromium blogs, the immediate focus of this release is on strengthening the browser’s defenses.
High-Severity Fixes in Core Components
The bulk of the high-risk flaws reside in Chrome’s V8 JavaScript engine, where issues like type confusion, race conditions, and incorrect implementations could be exploited for arbitrary code execution. Other vulnerabilities were found in media handling, extensions, and storage, potentially allowing unauthorized access or policy bypasses.
According to Google, details about the vulnerabilities will remain confidential until the majority of users have received the update, preventing attackers from exploiting unpatched systems.
Externally Reported Vulnerabilities
Many of the bugs were identified by independent security researchers and rewarded under Google’s Vulnerability Reward Program (VRP). Below are some of the most significant fixes:
| CVE ID | Severity | Description | Reporter | Bounty | Report Date |
|---|---|---|---|---|---|
| CVE-2025-12428 | High | Type Confusion in V8 | Man Yue Mo (GitHub Security Lab) | $50,000 | 2025-09-26 |
| CVE-2025-12429 | High | Inappropriate implementation in V8 | Aorui Zhang | $50,000 | 2025-10-10 |
| CVE-2025-12430 | High | Object lifecycle issue in Media | round.about | $10,000 | 2025-09-04 |
| CVE-2025-12431 | High | Inappropriate implementation in Extensions | Alesandro Ortiz | $4,000 | 2025-08-06 |
| CVE-2025-12432 | High | Race in V8 | Google Big Sleep | N/A | 2025-08-18 |
| CVE-2025-12433 | High | Inappropriate implementation in V8 | Google Big Sleep | N/A | 2025-10-07 |
| CVE-2025-12036 | High | Inappropriate implementation in V8 | Google Big Sleep | N/A | 2025-10-15 |
| CVE-2025-12434 | Medium | Race in Storage | Lijo A.T | $3,000 | 2024-04-27 |
| CVE-2025-12435 | Medium | Incorrect security UI in Omnibox | Hafiizh | $3,000 | 2025-09-21 |
| CVE-2025-12436 | Medium | Policy bypass in Extensions | Luan Herrera (@lbherrera_) | $2,000 | 2021-02-08 |
Additional moderate and low-severity vulnerabilities addressed include use-after-free bugs in PageInfo and Ozone, out-of-bounds reads in V8 and WebXR, and UI flaws in Autofill, Fullscreen, and SplitView.
Google’s Security Commitment
Google credited both internal testing tools—such as AddressSanitizer and libFuzzer—and external researchers for identifying and resolving these flaws before they could be exploited.
As phishing and browser-based malware campaigns rise globally, this release reinforces Chrome’s reputation as one of the most secure browsers available. Security experts strongly advise users to enable automatic updates or manually check for updates by navigating to chrome://settings/help to confirm they are running the latest version.
The Chrome 142 release once again highlights Google’s proactive approach to safeguarding billions of users from evolving cyber threats.