Google rolled out Chrome 143 to the stable channel on December 2, 2025, for Windows, macOS, and Linux (version 143.0.7499.40/41), with the Android update following shortly via Google Play. This release primarily addresses 13 security vulnerabilities, four of which are rated “High” severity by Chromium standards and could potentially enable arbitrary code execution through memory corruption like type confusion or use-after-free bugs.
These flaws were reported by external researchers, earning Google rewards totaling over $11,000 under its Vulnerability Reward Program.
Critical Security Fixes
The update patches issues that could allow remote attackers to exploit crafted web pages or extensions, potentially leading to heap corruption, sandbox escapes, or privilege escalation. Here’s a breakdown of the high-severity ones:
• CVE-2025-13630 (High): Type confusion in the V8 JavaScript and WebAssembly engine, which could enable heap corruption and arbitrary code execution. Discovered by Shreyas Penkar; reward: $11,000.
• CVE-2025-13631 (High): Inappropriate implementation in Google Updater on macOS, allowing privilege escalation via crafted files. Reported by Jota Domingos; reward: $3,000.
• CVE-2025-13632 (High): Inappropriate implementation in DevTools, enabling sandbox escapes through malicious Chrome extensions.
• CVE-2025-13633 (High): Use-after-free in Digital Credentials, another memory corruption vector for potential code execution.
The remaining nine vulnerabilities include medium- and low-severity issues like bad casts in the Loader, use-after-free in Media Stream, and heap buffer overflows in various components (e.g., ANGLE, WebAudio). Full details are available on the Chrome Releases blog and Chrome Security advisories.
Why Update Immediately?
With over 3 billion users, Chrome is a prime target for exploits—especially V8 flaws, which have been weaponized in past attacks to bypass browser sandboxes. No active in-the-wild exploitation has been reported yet, but Google urges immediate updates to mitigate risks. To check/update:
• Go to chrome://settings/help in your browser.
• Or download from google.com/chrome.
Other Notable Changes
Beyond security, Chrome 143 introduces:
• Read Aloud feature: Text-to-speech for web pages (enabled via right-click or toolbar).
• AI enhancements: Improved integration with Gemini for summaries and theme generation.
• ICU library upgrade to version 77.1 for better Unicode 16 support (may affect some Intl JS APIs).
• Libxslt updates: Hardening against memory safety issues in XSLT processing, a common exploit vector.
This release was slightly delayed but packs essential protections—stay safe by updating today! If you have questions about specific CVEs or migration impacts, let me know.