
Google Chrome Emergency Patch Fixes High-Risk Vulnerabilities That Enable Remote Code Execution
Google has issued an emergency security update for the Chrome browser, patching two high-severity vulnerabilities that could allow attackers to execute malicious code remotely on fully patched systems.
The update — Chrome version 143.0.7499.146/.147 — is now rolling out across Windows, macOS, and Linux, and users are strongly advised to update immediately.
With Chrome serving as a gateway to enterprise apps, cloud services, and sensitive data, vulnerabilities at the browser level represent a direct risk to both individual users and organizations.
🚨 What Was Fixed
The update addresses two high-severity flaws discovered by independent security researchers:
🔴 CVE-2025-14765 — WebGPU Use-After-Free
A use-after-free memory bug in Chrome’s WebGPU component
Reported on September 30, 2025 by an anonymous researcher
Earned a $10,000 Google bug bounty
Use-after-free vulnerabilities occur when software accesses memory that has already been released — a condition attackers can exploit to execute arbitrary code or crash the application.
🔴 CVE-2025-14766 — V8 JavaScript Engine Out-of-Bounds Access
An out-of-bounds read/write flaw in Chrome’s V8 engine
Reported on December 8, 2025 by security researcher Shaheen Fazim
Bug bounty reward currently listed as “to be determined”
Out-of-bounds vulnerabilities allow attackers to read or modify memory beyond its intended limits, potentially leading to remote code execution or sensitive data exposure.
🧠 Why This Matters
Chrome isn’t just a browser — it’s the front door to modern business operations.
A successful exploit could allow attackers to:
Execute code simply by luring a user to a malicious website
Escape browser sandbox protections
Steal credentials, inject malware, or pivot deeper into enterprise networks
These vulnerabilities are particularly concerning because no authentication is required — exploitation could occur during normal browsing activity.
🔧 What Users Should Do Now
Google notes that Chrome usually updates automatically, but users should verify immediately:
Open Chrome
Navigate to Settings → About Chrome
Confirm the browser is updated to 143.0.7499.146 or .147
Restart the browser to apply the patch
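For a fleet, the same check can be scripted against inventory data. The sketch below is an added example, not code from Google or from the original article: it compares Chrome versions numerically against the fixed build named above and separates hosts where the update is on disk but an older process is still running. The inventory rows, the older version numbers, and the helper names are constructed for illustration.

```python
import re

# Fixed build named in the advisory above; .147 also satisfies this minimum.
PATCHED = (143, 0, 7499, 146)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 143.0.7499.146 '.
    Returns a tuple of ints, or None when no version is present."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(installed, running=None):
    """Return 'patched', 'restart-pending', 'vulnerable' or 'unknown'.

    installed: version string of the binary on disk
    running:   version string of the live browser process, if one exists
    """
    inst = parse_version(installed)
    if inst is None:
        return "unknown"
    # Tuples compare numerically, so .99 sorts below .146
    # (a plain string comparison would get this wrong).
    if inst < PATCHED:
        return "vulnerable"
    if running is not None:
        run = parse_version(running)
        if run is None:
            return "unknown"
        # Update is on disk but the old process is still live:
        # the fix takes effect only after the browser restarts.
        if run < PATCHED:
            return "restart-pending"
    return "patched"


# Constructed inventory rows: (host, installed version, running version)
SAMPLE = [
    ("ws-01", "Google Chrome 143.0.7499.147 ", "143.0.7499.147"),
    ("ws-02", "Google Chrome 143.0.7499.146 ", "143.0.7499.99"),
    ("ws-03", "Google Chrome 143.0.7499.99 ", "143.0.7499.99"),
    ("ws-04", "Google Chrome 144.0.7500.2 ", None),
    ("ws-05", "not installed", None),
]


def audit(rows):
    """Map each host to its patch status."""
    return {host: classify(inst, run) for host, inst, run in rows}
```

Hosts reported as `restart-pending` are the ones an installed-version check alone would miss.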
As standard practice, Google has temporarily restricted access to technical exploit details to reduce the risk of active exploitation while users update.
🛠️ How Google Catches These Bugs
Google continues to rely on advanced memory-safety and fuzzing tools to detect vulnerabilities during development, including:
AddressSanitizer
MemorySanitizer
libFuzzer
While these tools significantly reduce risk, this update reinforces a key reality: memory-safety flaws remain one of the most common paths to browser exploitation.
🔐 The Elliptic Systems Perspective
Browser vulnerabilities remain one of the most effective initial access vectors for attackers — especially in environments that rely heavily on SaaS, cloud apps, and remote work.
At Elliptic Systems, we recommend organizations:
Enforce automatic browser updates via endpoint management
Pair browsers with endpoint detection & response (EDR) tools
Restrict risky browser features where possible
Educate users that “just visiting a site” can be enough to trigger an attack
Patch speed matters. In browser security, hours — not days — make the difference.
⚠️ Final Takeaway
Google’s latest Chrome update is a reminder that even the most widely used software is a moving target.
High-severity browser vulnerabilities are prime real estate for threat actors — and delaying updates only widens the attack window.
Update immediately. Restart your browser.
And remember: security starts at the click level.
