Google has released Chrome 143 to the Stable channel, with version 143.0.7499.40 now available for Linux and 143.0.7499.40/41 for Windows and Mac.
This update fixes 13 security vulnerabilities, including several high-severity issues that could let attackers run their own code or break the browser’s rendering engine.
The most serious flaw patched is CVE-2025-13630, a Type Confusion bug in the V8 JavaScript engine reported by Shreyas Penkar, who received an $11,000 bounty.
Type confusion happens when software treats data as the wrong type, which can lead to dangerous memory errors. In Chrome, this kind of bug can allow attackers to execute code inside the renderer simply by getting a user to visit a malicious website.
The update also fixes CVE-2025-13631, a high-severity issue in the Google Updater service reported by Jota Domingos, which earned a $3,000 reward.
Details about how the vulnerability could be exploited are being kept private for now to prevent misuse. Issues in update mechanisms can sometimes be used to maintain persistence or gain higher privileges on a system, which is why these fixes are important.
This update also patches CVE-2025-13632, a high-severity flaw in DevTools reported by Leandro Teles, and CVE-2025-13633, a “Use After Free” bug in Digital Credentials found by Google’s internal team.
Use After Free bugs remain common in Chrome. They happen when the browser tries to use memory that has already been released, which can lead to crashes or even code execution.
Google is restricting full technical details until most users have upgraded to the latest version. This helps prevent attackers from studying the patch and creating exploits for older, unpatched browsers.
Here is a quick overview of the main externally reported security issues fixed in Chrome 143:
| CVE ID | Severity | Vulnerability Type | Component | Reward |
|---|---|---|---|---|
| CVE-2025-13630 | High | Type Confusion | V8 | $11,000 |
| CVE-2025-13631 | High | Inappropriate Implementation | Google Updater | $3,000 |
| CVE-2025-13632 | High | Inappropriate Implementation | DevTools | TBD |
| CVE-2025-13634 | Medium | Inappropriate Implementation | Downloads | TBD |
| CVE-2025-13635 | Low | Inappropriate Implementation | Downloads | $3,000 |
| CVE-2025-13636 | Low | Inappropriate Implementation | Split View | $1,000 |
Google’s internal team also found additional issues, including a medium-severity race condition in V8 (CVE-2025-13721) and a bad cast in the Loader component (CVE-2025-13720). These were caught using automated security tools like AddressSanitizer and libFuzzer.
Chrome users on Windows, Mac, and Linux should receive the update automatically in the coming days. You can also check manually by going to the Chrome menu, selecting “Help,” and then clicking “About Google Chrome” to trigger the update to version 143.
Leave A Comment