
Google Chrome 143 patches four high-severity vulnerabilities (CVE-2025-13630 to CVE-2025-13633), all enabling remote code execution, privilege escalation, or sandbox escapes when chained, affecting billions of users on unpatched versions prior to 143.0.7499.40/41.
CVE-2025-13630: V8 Type Confusion
This flaw in the V8 JavaScript engine mishandles object types, causing heap corruption and arbitrary code execution through crafted web content that requires only user interaction with a malicious site. Researcher Shreyas Penkar discovered it, earning an $11,000 bounty from Google due to its appeal for exploit chains targeting sandbox escapes. It poses high risk in browsing-heavy environments, fixed in Chrome 143.0.7499.40/41 across Windows, macOS, and Linux.
CVE-2025-13631: Google Updater Issue
An inappropriate implementation in Google Updater (primarily on macOS) allows remote privilege escalation via crafted files, potentially hijacking update processes or enabling malware persistence in automated environments. Yota Domingos reported it and received a $3,000 bounty; attackers exploit it to disrupt secure updates. Patched in 143.0.7499.41, it elevates threats for systems relying on Google’s auto-update mechanisms.
CVE-2025-13632: DevTools Flaw
This bug in DevTools creates sandbox escape paths when users load malicious extensions, triggering unintended execution or privilege gains in developer workflows. Leandro Teles identified the inappropriate implementation, which exploits tool logic for broader compromise. Security researchers and extension users on Chrome below 143.0.7499.41 face elevated risks.
CVE-2025-13633: Digital Credentials UAF
A use-after-free vulnerability in Digital Credentials lets renderer-compromised attackers corrupt heap memory with crafted HTML, leading to credential theft or code execution (CVSS 8.8 potential). Google’s internal team uncovered it, highlighting dangers to passkey and wallet data sharing across sites and devices. Fixed in 143.0.7499.41+, it demands priority patching in enterprises using digital authentication.
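To turn the fixed builds above into a fleet check, the following added example (not from the article or from Google) maps a reported Chrome version string to the CVEs from this page that are still open on it. The fixed-build thresholds are taken from the article as written; the hostnames and inventory entries are constructed, and because the article does not say which platform receives .40 versus .41, confirm the per-platform builds against the vendor's release notes before acting on the result.

```python
import re

# First build the article names as carrying each fix.
FIXED_IN = {
    "CVE-2025-13630": (143, 0, 7499, 40),  # V8 type confusion (article: .40/.41)
    "CVE-2025-13631": (143, 0, 7499, 41),  # Google Updater
    "CVE-2025-13632": (143, 0, 7499, 41),  # DevTools
    "CVE-2025-13633": (143, 0, 7499, 41),  # Digital Credentials use-after-free
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the four-part build number from e.g. `chrome --version` output."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def unpatched_cves(version_text):
    """Return the CVEs from the article whose fixed build is newer than this one."""
    # Compare as integer tuples: as strings, "99.0..." would sort after "143.0...".
    build = parse_version(version_text)
    return sorted(cve for cve, fixed in FIXED_IN.items() if build < fixed)

def triage(inventory):
    """Map host -> open CVEs; unparsable entries are flagged, not silently skipped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = unpatched_cves(version_text)
        except ValueError:
            report[host] = ["UNKNOWN_VERSION"]
    return report

# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 142.0.7444.175",
    "ws-002": "Google Chrome 143.0.7499.40",
    "ws-003": "Google Chrome 143.0.7499.41",
    "ws-004": "Chromium (version string missing)",
    "ws-005": "Google Chrome 99.0.4844.84",
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'patched' if not cves else ', '.join(cves)}")
```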


