Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
A significant security update has been released by Google for the stable desktop channel, which addresses two very serious vulnerabilities that could expose users to potential memory leak attacks.
As the update rolls out in the coming days, security experts recommend that administrators and users update immediately to mitigate risks related to vulnerabilities in browser rendering and JavaScript engines.
The updated versions will be 143.0.7499.146/.147 for Windows and Mac and 143.0.7499.146 for Linux users. Two specific issues, classified as “High” severity, reported by external researchers are addressed in this update.
The most important fix addresses a “Use After Free” (UAF) vulnerability in WebGPU, the next-generation graphics API for the web. UAF bugs are a class of memory corruption flaws in which a program continues to use a pointer even after the memory it points to has been freed.
Hackers often exploit these flaws to execute arbitrary code or crash applications. Google awarded a $10,000 reward to an anonymous researcher for reporting this flaw on September 30, 2025, emphasizing its potentially serious nature.
The second patch targets V8, Google’s high-performance open-source JavaScript and WebAssembly engine. This flaw was reported by security researcher Shaheen Fazim on December 8, 2025.
The vulnerability, described as an “out-of-bounds read and write,” allows an attacker to read or modify memory outside of the intended bounds. In a browser context, this can typically be exploited to escape the rendering sandbox or disclose sensitive information.
Despite Chrome automatically updating many users, the criticality of these memory security vulnerabilities requires manual review. It’s crucial that system administrators responsible for managing corporate devices ensure the immediate deployment of the new version to all endpoints.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
