Google Patches Critical RCE Flaws in Chrome Browser

Google Issues Urgent Patch for High-Severity Chrome Vulnerabilities Including RCE Flaw (CVE-2025-12725)

HIGH
November 8, 2025
Vulnerability, Patch Management

CVE Identifiers

  • CVE-2025-12725: HIGH, CVSS 8.8
  • CVE-2025-12726: HIGH, CVSS 8.8
  • CVE-2025-12727: HIGH, CVSS 8.8
  • CVE-2025-12728: MEDIUM, CVSS 6.5
  • CVE-2025-12729: MEDIUM, CVSS 6.5

Full Report

Executive Summary

Google has released an emergency security update for its Chrome web browser, addressing five vulnerabilities, three of which are rated high-severity and could lead to remote code execution (RCE). The update is being rolled out for Windows, macOS, Linux, and Android users. The most critical vulnerability, CVE-2025-12725, is an out-of-bounds write flaw in the WebGPU component that could allow an attacker to execute arbitrary code by tricking a user into visiting a malicious website. While Google is not aware of any active exploits for these vulnerabilities in the wild, the severity of the flaws necessitates immediate action. All Chrome users are strongly advised to update their browsers to the latest version to mitigate the risk of potential exploitation.


Vulnerability Details

The security update addresses a total of five vulnerabilities. The three high-severity flaws are:

  • CVE-2025-12725 (CVSS 8.8): An out-of-bounds write vulnerability in Chrome's WebGPU implementation. A remote attacker could exploit this by crafting a malicious HTML page. Successful exploitation could lead to memory corruption, a browser crash, or arbitrary code execution in the context of the sandboxed renderer process.
  • CVE-2025-12726 (CVSS 8.8): An inappropriate implementation vulnerability in the Views component, which is responsible for UI elements. This flaw could also be exploited for memory corruption and potential code execution.
  • CVE-2025-12727 (CVSS 8.8): An inappropriate implementation in the V8 JavaScript and WebAssembly engine. Exploitation could lead to a sandbox escape when chained with other vulnerabilities.

Two medium-severity vulnerabilities were also patched:

  • CVE-2025-12728 (CVSS 6.5): A flaw in the Omnibox address bar.
  • CVE-2025-12729 (CVSS 6.5): Another flaw in the Omnibox address bar.

Affected Systems

  • Google Chrome for Desktop (Windows, macOS, Linux): Versions prior to 142.0.7444.134 and 142.0.7444.135.
  • Google Chrome for Android: Versions prior to 142.0.7444.138.

Users can check their Chrome version by navigating to chrome://settings/help.
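For a fleet rather than a single browser, the same check can be run over an inventory export. The following is an added example, not code from the article or from Google; the CSV layout, host names and the choice of .134 as the desktop minimum are assumptions.

```python
import csv
import io
import re

# Fixed builds as listed in the article. Treating .134 as the desktop minimum
# is an assumption: the article does not say which OS gets .134 versus .135.
FIXED = {
    "windows": (142, 0, 7444, 134),
    "macos": (142, 0, 7444, 134),
    "linux": (142, 0, 7444, 134),
    "android": (142, 0, 7444, 138),
}

# Constructed sample inventory export (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """host,platform,version
wks-001,Windows,142.0.7444.135
wks-002,Windows,142.0.7444.59
mac-014,macOS,141.0.7390.123
lnx-007,Linux,142.0.7444.134
mob-021,Android,142.0.7444.134
wks-033,Windows,
"""

def parse_version(text):
    """Return '142.0.7444.59' as (142, 0, 7444, 59), or None if malformed."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", (text or "").strip(), re.ASCII)
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get((platform or "").strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparseable row as safe
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank build .59 above .134 and hide a vulnerable host.
    return "patched" if version >= fixed else "vulnerable"

def audit(csv_text):
    """Map each host in a host,platform,version CSV to its patch status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row["platform"], row["version"]) for row in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as unknown need a manual check, since a missing version usually means the inventory agent failed rather than that Chrome is absent.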


Exploitation Status

As of November 7, 2025, Google stated that it is not aware of any in-the-wild exploitation of these vulnerabilities. However, high-severity browser vulnerabilities, especially those leading to RCE, are prime targets for exploit developers and threat actors. The public disclosure of these flaws increases the likelihood of exploitation attempts in the near future.


Impact Assessment

The primary risk associated with these vulnerabilities is remote code execution. An attacker could host a malicious website and, upon a user visiting it, execute arbitrary code on the victim's system. While Chrome's sandbox provides a layer of protection, attackers often chain browser exploits with sandbox escape vulnerabilities to gain full control over the underlying operating system. A successful attack could lead to the installation of malware, ransomware, or spyware, resulting in data theft, financial loss, or complete system compromise.


Detection Methods

  • Version Scanning: The most reliable method of detection is to identify systems running vulnerable versions of Google Chrome. Asset management systems and vulnerability scanners can be used to query for Chrome versions across the enterprise.
  • Endpoint Monitoring: Monitor for unexpected crashes of the chrome.exe process or the spawning of suspicious child processes (e.g., powershell.exe, cmd.exe) from a Chrome process, which could indicate successful exploitation.
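The endpoint-monitoring check above can be expressed as a filter over process-creation events. This is an added example, not a rule from the article; it assumes events exported as one JSON object per line with Sysmon Event ID 1 field names (`Image`, `ParentImage`, `CommandLine`), and the sample events are constructed.

```python
import json
import ntpath

# Child images the article names as suspicious when Chrome is the parent.
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe"}

# Constructed process-creation events (not real telemetry), one JSON object
# per line, using Sysmon Event ID 1 field names. The last line is truncated.
SAMPLE_EVENTS = r'''
{"Computer":"wks-001","ParentImage":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","Image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","CommandLine":"chrome.exe --type=renderer"}
{"Computer":"wks-002","ParentImage":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -NoProfile"}
{"Computer":"wks-002","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe"}
{"Computer":"wks-033","ParentImage":"C:\\PROGRAM FILES\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c ver"}
{"Computer":"wks-0
'''

def image_name(path):
    """Lower-cased file name of a Windows path; '' when the field is absent."""
    return ntpath.basename(path or "").lower()

def find_shell_children(log_text):
    """Return (hits, skipped): Chrome-spawned shells and unparseable lines."""
    hits, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except ValueError:
            skipped += 1  # count damaged records instead of dropping silently
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        child = image_name(event.get("Image"))
        if image_name(event.get("ParentImage")) == "chrome.exe" and child in SUSPICIOUS_CHILDREN:
            hits.append((event.get("Computer"), child, event.get("CommandLine")))
    return hits, skipped

if __name__ == "__main__":
    found, bad = find_shell_children(SAMPLE_EVENTS)
    for computer, child, command_line in found:
        print(f"{computer}: chrome.exe -> {child} ({command_line})")
    print(f"unparseable lines: {bad}")
```

Chrome on Windows launches extension native messaging hosts through cmd.exe, so expect some benign cmd.exe hits and review the recorded command line before escalating.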

Remediation Steps

  • Update Immediately (M1051 - Update Software): The only way to remediate these vulnerabilities is to update Google Chrome to the latest version. Chrome typically updates automatically, but users should manually trigger the update by going to Help > About Google Chrome to ensure it is applied promptly. This corresponds to D3FEND's D3-SU: Software Update.
  • Restart the Browser: The update will not take full effect until the browser is restarted.
  • Enterprise Patch Management: System administrators should use enterprise management tools to push the updated version of Chrome to all managed devices.

Timeline of Events

  • November 8, 2025: This article was published

MITRE ATT&CK Mitigations

Applying the latest security patch from Google is the only effective way to remediate these vulnerabilities.

Modern browsers like Chrome have built-in exploit protections such as sandboxing and ASLR, which make exploitation more difficult but are not foolproof.

Using web filtering solutions can prevent users from accessing known malicious websites that might host exploits for these vulnerabilities.

D3FEND Defensive Countermeasures

The immediate and most effective countermeasure against the high-severity vulnerabilities in Google Chrome is to enforce software updates across the entire organization. Given the potential for remote code execution, this should be treated as a critical action. System administrators must use their endpoint management tools (e.g., Microsoft Intune, Jamf, Google Workspace) to push the update to Chrome version 142.0.7444.134/135 (desktop) or 142.0.7444.138 (Android) to all devices. A policy should be configured to force a browser restart within a short timeframe (e.g., 2-8 hours) to ensure the patch is applied, as Chrome's updates are not fully active until a restart occurs. Compliance reports should be run within 24 hours to identify and remediate any devices that have failed to update. For unmanaged devices, a clear communication campaign should be sent to all users instructing them to manually check for updates via 'Help > About Google Chrome' and restart their browser.

While patching is paramount, organizations can further harden their browser environment to mitigate the risk from future zero-days. This involves configuring browser policies to reduce the attack surface. For these specific vulnerabilities in WebGPU and V8, administrators can use Group Policy or MDM settings to disable features that are non-essential for business operations. For example, if WebGPU is not used by any corporate applications, its use can be restricted or disabled via the WebGPUEnabled policy. Similarly, disabling the JIT compiler in V8 (V8JavascriptJitEnabled policy) can make certain exploits harder to execute, though this may come with a performance penalty. Implementing browser security extensions that block scripts from untrusted sources (e.g., uBlock Origin, NoScript) can also prevent the initial exploit code from running. These hardening measures act as a valuable compensating control, especially in the critical window before a patch is widely deployed.

Sources & References

  • Chrome 142 Update Patches High-Severity Flaws. SecurityWeek (securityweek.com), November 7, 2025
  • Cyber Security Weekly Briefing, 1-7 November. Telefónica Tech (telefonica.com), November 7, 2025
  • Critical Chrome Vulnerabilities Patched: WebGPU and V8 Flaws Fixed in Latest Release. Infosecurity Magazine (infosecurity-magazine.com), November 7, 2025

Article Author

Jason Gomes, Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & Analysis, Security Orchestration (SOAR/XSOAR), Incident Response & Digital Forensics, Security Operations Center (SOC), SIEM & Security Analytics, Cyber Fusion & Threat Sharing, Security Automation & Integration, Managed Detection & Response (MDR)

Tags

Google Chrome, RCE, Vulnerability, WebGPU, V8 Engine, Browser Security
