Severity
High
Analysis Summary
Google has released Chrome version 143 to the Stable channel for Windows, macOS, and Linux, addressing 13 security vulnerabilities across critical browser components. The most serious flaw patched is CVE-2025-13630, a high-severity Type Confusion issue in the V8 JavaScript engine, reported by a researcher. Type confusion bugs are particularly dangerous because they allow attackers to exploit mismatched data types to execute arbitrary code within the renderer sandbox, often by luring victims to malicious websites.
The update also includes fixes for several other high-severity vulnerabilities. CVE-2025-13631, reported by a researcher, involves an inappropriate implementation in Google Updater. Although exploitation details remain restricted, issues in update mechanisms can sometimes lead to persistence or privilege escalation. The patch also covers CVE-2025-13632 in DevTools and CVE-2025-13633, a Use-After-Free memory corruption flaw in Digital Credentials. UAF vulnerabilities remain a common and dangerous category because the program keeps using memory after it has been freed, which can result in crashes or code execution.
Additionally, the release addresses multiple medium and low-severity vulnerabilities spanning Downloads, Split View, and internal browser components. Google’s internal security researchers discovered more issues, including a medium-severity race condition in V8 (CVE-2025-13721) and a bad cast in the Loader component (CVE-2025-13720). These findings highlight the importance of automated testing tools such as AddressSanitizer and libFuzzer, which played a key role in detecting memory-safety irregularities during Chrome’s development and testing cycle.
Google is withholding detailed exploitation information until most users have updated, a standard practice to prevent threat actors from reverse-engineering patches. Chrome users on all platforms are strongly advised to update promptly, either by waiting for automatic rollout or by manually checking via Help > About Google Chrome. With multiple high-impact flaws patched, especially those affecting V8, Updater, and memory management, Chrome 143 is a crucial security update that significantly reduces the risk of remote code execution and browser compromise.
Impact
- Gain Access
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-13630
CVE-2025-13631
CVE-2025-13632
CVE-2025-13633
CVE-2025-13720
CVE-2025-13721
Affected Vendors
Remediation
- Update Chrome Immediately.
- Confirm that the Google Chrome auto-update mechanism is functioning correctly to receive future security patches promptly.
- Navigate to Chrome Menu > Help > About Google Chrome to force-install the latest version if automatic updates are delayed.
- Train users to avoid suspicious links or attachments, as type confusion and memory corruption bugs can be exploited via malicious websites.
- Follow Google’s security bulletins for ongoing information about active exploits and additional patch releases.
- Limit access to browser DevTools and administrative updater tools to reduce potential exploitation.
- Ensure antivirus and endpoint protection software is active and updated to detect malicious code attempting to exploit vulnerabilities.
- Periodically check for unusual browser behavior or crashes that may indicate attempted exploitation.
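
To confirm the update actually reached every endpoint, the check below audits an inventory of reported Chrome version strings against the patched major version. It is an added example, not part of the original advisory or any Google tooling. The tab-separated inventory format, host names and build numbers are constructed, and because the advisory names only major version 143, the comparison is made on the major component alone.

```python
import re

# Assumption: the advisory names only the major version (143), so the check
# compares the major component and does not assume a specific build number.
PATCHED_MAJOR = 143

# Matches a four-part version inside output such as "Google Chrome 1.2.3.4".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: "hostname<TAB>reported version string".
SAMPLE_INVENTORY = """\
ws-001\tGoogle Chrome 143.0.1000.10
ws-002\tGoogle Chrome 142.0.2000.20
ws-003\tGoogle Chrome 141.0.3000.30 beta
ws-004\tnot installed
ws-005\tGoogle Chrome 144.0.4000.40
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def audit(inventory, patched_major=PATCHED_MAJOR):
    """Sort hosts into patched, outdated, and unknown (needs manual follow-up)."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, raw = line.partition("\t")
        version = parse_version(raw)
        if version is None:
            # Unparsable output is reported, never silently treated as patched.
            report["unknown"].append((host, raw.strip()))
        elif version[0] >= patched_major:
            report["patched"].append((host, version))
        else:
            report["outdated"].append((host, version))
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY)
    for host, version in result["outdated"]:
        print(f"OUTDATED {host} {'.'.join(map(str, version))}")
    for host, raw in result["unknown"]:
        print(f"UNKNOWN  {host} {raw!r}")
```

Hosts in the `unknown` bucket matter as much as the outdated ones: a missing or unparsable version often means the inventory agent or the updater itself is not reporting.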

