Summary : Several high severity vulnerabilities were recently identified in Google Chrome, impacting core components such as the V8 JavaScript engine, Chrome Updater, DevTools and Digital Credentials module.

The primary high-severity vulnerability, a Type Confusion bug in the V8 engine (CVE-2025-13630), could allow attackers to achieve memory corruption that may lead to remote code execution via malicious web content. Google says that that it handed out $11,000 for the V8 vulnerability and $3,000 for the Google Updater bug.

Severity	High
CVSS Score	Not Published
CVEs	CVE-2025-13630, CVE-2025-13631, CVE-2025-13632, CVE-2025-13633 & 9 other CVEs.
POC Available	No public PoC at release time
Actively Exploited	No confirmed exploitation
Exploited in Wild	Not confirmed for Chrome 143
Advisory Version	1.0

Overview 

Other vulnerabilities like privilege escalation, unauthorized actions or browser misuse have been patched in the latest Chrome update. Administrator and users are strongly urged to update to the chrome 143 release immediately.  

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
Type-Confusion Vulnerability in V8 JavaScript Engine	CVE-2025-13630	Chrome	High	v143.0.7499.40/41
Inappropriate Implementation in Google Updater	CVE-2025-13631	Chrome	High	v143.0.7499.40/41
Inappropriate Implementation in DevTools	CVE-2025-13632	Chrome	High	v143.0.7499.40/41
Use-After-Free Vulnerability in Digital Credentials	CVE-2025-13633	Chrome	High	v143.0.7499.40/41

Technical Summary 

Several high-severity vulnerabilities were addressed in Google Chrome versions prior to 143.0.7499.40/41. The most critical involves a type of confusion flaw in the V8 JavaScript engine, which permits remote attackers to exploit improper object type handling, causing heap corruption when a user accesses a specially crafted webpage and potentially leading to remote code execution under certain conditions.

Other significant issues include a flawed update mechanism that may trigger unintended actions during updates, a logic error within DevTools that could result in tool misuse or unintended execution paths, and a use-after-free vulnerability in the digital credential processing components that may cause memory corruption and browser instability.

Together, these flaws can be exploited to bypass update protections, escalate privileges, disrupt developer tools, or compromise sensitive credential operations. 

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-13630	Chrome 142 and prior	Type Confusion in V8 engine allows crafted JavaScript to trigger memory corruption leading to possible arbitrary code execution	Remote Code Execution
CVE-2025-13631	Chrome 142 and prior	Inappropriate implementation in Chrome Updater may allow unauthorized update-related actions	Privilege Escalation
CVE-2025-13632	Chrome 142 and prior	Inappropriate implementation in DevTools may allow unintended function execution	Unauthorized Code Paths / Sandbox Interaction
CVE-2025-13633	Chrome 142 and prior	Use-after-free in Digital Credentials processing leads to memory corruption	Memory Corruption / Crash

Remediation:  

• Upgrade Chrome to the latest version: 143.0.7499.40/41 (Windows, Mac, Linux). 

Here are some recommendations below 

• Manual Update Check: Navigate to 
  Settings → Help → About Google Chrome to trigger the update. 

• Enforce Chrome auto-updates through enterprise patch management policies. 

• Enable endpoint exploit protection such as browser sandboxing to strengthen environment security. 

• Continuously monitor logs for unusual crashes, script anomalies, or signs of exploitation attempts. 

Conclusion: 
Chrome 143 patches critical flaws in the JavaScript engine, updater, DevTools, and credentials, preventing remote code execution and memory corruption.

Users and administrators are strongly advised to promptly upgrade to the latest Chrome version and implement security best practices such as enforcing automatic updates, enabling endpoint exploit protections and monitoring for any signs of exploitation to maintain a strong defense against potential attacks. 

Additionally, Google announced that the browser’s Extended Stable channel has been updated to version 142.0.7499.226 for Windows and macOS.

References:  

• https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html 

• https://cybersecuritynews.com/chrome-143-released/