Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 3 December 2025 12:57
Google has released Chrome 143 for Windows, macOS, and Linux; the release contains an important patch. The new version ( 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and macOS) addresses 13 vulnerabilities, including a critical vulnerability in the JavaScript V8 engine, CVE-2025-13630, a type confusion issue.
This is CVE-2025-13630, discovered by cybersecurity researcher Shreyas Penkar (@streypaws) and awarded a $11,000 bounty by Google. The bug is a favorite target for exploit writers, as such flaws sometimes allow exploits to escape the browser sandbox and execute third-party code.
Therefore, the released patch is one of the most important of the release. In addition to V8, the update also fixes other serious issues: CVE-2025-13631 (Google Updater) is a faulty implementation in the updater component discovered by researcher Yota Domingos.
Google offered a $3,000 reward for this discovery. The bug could have allowed a local attacker to hijack the update process or escalate privileges.
CVE-2025-13633, a Use-After-Free bug, was discovered by Google’s internal team. These bugs often cause crashes or code execution.
while CVE-2025-13632 (DevTools) is a high severity vulnerability in developer tools discovered by Leandro Teles.
The reward amount has not yet been announced. As usual, Google keeps the details of the vulnerabilities secret to reduce the risk of them being exploited in attacks before users update.
Redazione