—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Google Chrome for Desktop 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google Chrome versions prior to 142.0.7444.59 for Linux

Google Chrome versions prior to 142.0.7444.59/60 for Windows and Mac

Google Chrome versions prior to 142.0.7444.60 for Mac

Overview

Multiple vulnerabilities have been reported in Google Chrome which could allow a remote attacker to execute arbitrary code, bypass security restrictions, perform Spoofing attack or disclose sensitive information on the targeted system.

Target Audience:

All end-user organizations and individuals using Google Chrome for Desktop.

Risk Assessment:

High risk of remote code execution, privilege escalation or unauthorized access to sensitive data.

Impact Assessment:

Potential for system compromise, data theft or service disruption.

Description

Google Chrome is a popular internet browser that is used for accessing the information available on the world wide web. It is designed for use on desktop computers, such as those running on windows, macOS, or Linux operating system.

Multiple vulnerabilities exist in Google Chrome due Type Confusion in V8, Inappropriate implementation in V8,Extensions, App-Bound Encryption, Autofill; Object lifecycle issue in Media, Race in V8,Storage; Incorrect security UI in Omnibox,Fullscreen UI, SplitView; Policy bypass in Extensions, Use after free in PageInfo, Ozone and Out of bounds read in V8,WebXR. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security restrictions, perform Spoofing attack or disclose sensitive information on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor

https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

Vendor Information

Google Chrome

https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

References

Google Chrome

https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

CVE Name

CVE-2025-12429

CVE-2025-12430

CVE-2025-12431

CVE-2025-12432

CVE-2025-12433

CVE-2025-12428

CVE-2025-12434

CVE-2025-12435

CVE-2025-12436

CVE-2025-12437

CVE-2025-12438

CVE-2025-12439

CVE-2025-12440

CVE-2025-12441

CVE-2025-12443

CVE-2025-12444

CVE-2025-12445

CVE-2025-12446

CVE-2025-12447

CVE-2025-12036

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkEr3YACgkQ3jCgcSdc

ys/YFQ//U3CAlAfk6CQJrZvbdb51frKZMC8+vVejzXbqFvp+5RHy+EZkhQzD9PcD

InJRn0Xi+ngb7/RX9dGbp81IsKHkDAr1EhSgqiggQmT03uYHna0urK3MaNTn3ENq

VCoUy90P8whkSPstmGg9xsecrLryPXCZU4+tQ1SJHzFbvwb/ra1dpkd/0yijLjdk

30eGqBKGTh3t1REEDP7G6YXT09GJ9+slg9J8LYlNvT8hDPQUpZ95C1a3YeHHT7yX

7Vl99/7WCJ0oBlK6I4PJWzu3kcX4ZwjSJAnGB29aiJVzPm4xwYIzSspDElvkE5k1

U7Rjz74Nfj60x0/C/aqiL/EhRMSNnRoPXAubDyIIeGxU/qEEwVsVF5cFy0DNk5LL

0iHcwAoRog19CGVRSKi4zDV12jblrsRBsKnbMQGCBqTOSAnht4MzP2a4i42kxssL

m+xYGRNbIRRnC7K16dtNWrBj0WgTb+lP3H1Icb368BD3RUILhNo+5D9cHqn3Fe19

Rksnb6P9+MPLgN1bx+DVIt7Stcuh4P4Oby5s368HsELPeaYSfaGETssnnJWBPvpL

gLrqrp05vZ35DlTemrSyYhbNXuqLtSZNPaVbfVmlehQ2ke14WYsiuQaJJM/2SQpW

9qK5PxgBW0yagjxcsyJcnR2PD4Pf4WzkFm9rThp3DP3uBt3PYGY=

=Vm8m

—–END PGP SIGNATURE—–