Google has released an urgent security update for its Chrome browser to address a high-severity vulnerability in the V8 JavaScript engine that could allow attackers to execute remote code on affected systems.
The vulnerability, tracked as CVE-2025-12036, was patched in Chrome version 141.0.7390.122/.123 for Windows and Mac, and version 141.0.7390.122 for Linux.​
AI-Powered Discovery Reveals Critical Flaw
The vulnerability was discovered by Google’s Big Sleep project on October 15, 2025, marking another significant find by the company’s AI-powered security research initiative.
The flaw has been classified as an “inappropriate implementation in V8,” Google’s open-source JavaScript and WebAssembly engine that powers Chrome and other Chromium-based browsers.​
V8 is responsible for executing JavaScript code in web browsers, making it a critical component that handles millions of operations daily.
When vulnerabilities exist in such fundamental components, they can be exploited by threat actors to compromise user systems, steal sensitive information, or deliver malicious payloads.
The high-severity rating assigned to CVE-2025-12036 indicates that successful exploitation could have serious consequences for affected users.
Rapid Response and Patch Deployment
Google moved quickly to address the security issue, releasing the patch just six days after its discovery.
The update is currently rolling out to users over the coming days and weeks through Chrome’s automatic update mechanism.
Users running affected versions of Chrome are strongly advised to check their browser version and ensure they have installed the latest security update.​
To verify the Chrome version, users can navigate to the browser’s settings menu and check the “About Chrome” section, where the browser will automatically check for and install available updates.
The security update represents the sole security fix included in this particular stable channel release, highlighting the urgency with which Google treated this vulnerability.
Google emphasized that many security vulnerabilities in Chrome are detected using sophisticated tools, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.
These automated security testing tools help identify potential vulnerabilities before they can be exploited in the wild.​
As per Google’s standard security policy, detailed information about the vulnerability and links to bug reports remain restricted until the majority of users have updated their browsers with the fix.
This practice helps prevent malicious actors from reverse-engineering the vulnerability and creating exploits before users can protect themselves.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
%20(1).webp?resize=1600,900&ssl=1&description=The vulnerability was discovered by Google's Big Sleep project on October 15, 2025, marking another significant find by the company's AI-powered security research initiative.){kind=link}