Google Rushes to "Patch" Chrome. Update Before Hackers Reach Your Computer
The new version brings fixes for five dangerous vulnerabilities at once.
The new version brings fixes for five dangerous vulnerabilities at once.
Google has released an emergency update for its Chrome browser, addressing a series of vulnerabilities that allowed for remote code execution and system takeover. The update, released on November 5, 2025, is being rolled out progressively on desktop platforms—Windows, macOS, and Linux—as well as on Android via Google Play and Chrome's built-in update mechanism.
The update patches five vulnerabilities at once, three of which received a high CVSS rating due to memory corruption risks and the potential for remote code execution. The most serious of these is the bug CVE-2025-12725, discovered on September 9th by an anonymous researcher in the WebGPU component—Chrome's graphics interface.
The flaw is an out-of-bounds memory write issue that can lead to the overwriting of critical memory areas, opening a path for executing injected code. To prevent potential attacks, technical details are being withheld until most users have installed the fix.
Two other dangerous vulnerabilities—CVE-2025-12726 and CVE-2025-12727—affect Chrome's internal modules. The first issue, reported by Alessandro Ortiz on September 25th, is related to an inappropriate implementation in the Views component, which is responsible for rendering the browser's user interface. The second, discovered on October 23rd by a researcher under the pseudonym 303f06e3, affects the V8 JavaScript engine that Chrome is built upon. Both vulnerabilities open the possibility for remote interference through memory manipulation and received a CVSS 3.1 score of 8.8.
Furthermore, the update resolves two medium-severity CVSS vulnerabilities in the Omnibox component, which combines the address bar and search field. CVE-2025-12728 and CVE-2025-12729 were reported by researchers Hafiizh and Khalil Zhani, respectively. These vulnerabilities stem from implementation errors that could lead to data leaks or visual manipulations in the interface. Despite their lower priority, these issues also require prompt updating as they could be used for phishing or page content spoofing.
On desktop OSes, Chrome has been updated to version 142.0.7444.134 or .135, and on Android to version 142.0.7444.138. According to a statement from a Chrome team representative, the Android update contains the same fixes as the desktop build and will be distributed via Google Play over the coming days. The developers thanked all those who reported the vulnerabilities before they could be potentially exploited in attacks and emphasized that the publication of technical details has been delayed to minimize the risk of exploitation.
All users are advised to check for updates as soon as possible and ensure their installed version matches the current one. On a computer, this can be done via the "About Google Chrome" section in settings, and on Android via the Play Store. Enabling automatic updates is also recommended so that protective measures take effect without delay.
