Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine.

Google has released Chrome 142 to the stable channel with patches for 20 vulnerabilities, including seven high-, eight medium-, and five low-severity flaws.

Four of the high-severity bugs addressed in this Chrome release affect the browser’s V8 JavaScript and WebAssembly engine. Google paid $100,000 in bug bounty rewards for two of them.

Tracked as CVE-2025-12428, the first is a type confusion issue in V8 that earned Man Yue Mo of GitHub Security Lab $50,000. A similar reward was handed out to Aorui Zhang, who reported CVE-2025-12429, an inappropriate implementation defect in the JavaScript engine.

As usual, the internet giant has not shared technical details on the newly resolved vulnerabilities. However, based on the reward amounts handed out for these two bugs, it is possible that they could be exploited for remote code execution (RCE).

Google says it paid a $10,000 reward for a high-severity object lifecycle issue in Media, and $4,000 for a high-severity inappropriate implementation flaw in Extensions.

However, no rewards were handed out for three high-severity V8 defects that were discovered by Google’s Big Sleep AI agent, which was launched by Google DeepMind and Project Zero in November 2024.

Chrome 142 resolved medium-severity vulnerabilities in Storage, Omnibox, Extensions, PageInfo, Ozone, App-Bound Encryption, and V8, and low-severity flaws in Autofill, WebXR, Fullscreen UI, Extensions, and SplitView.

Google says it paid $130,000 in total for the bugs fixed with the release of Chrome 142. While no bounties will be awarded for five issues, the company has yet to disclose the amounts to be handed out for two defects.

The company makes no mention of any of these vulnerabilities being exploited in the wild.

The latest Chrome iteration is now rolling out as version 142.0.7444.59 for Linux, versions 142.0.7444.59/60 for Windows, and version 142.0.7444.60 for macOS.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
