Google has issued an unscheduled Chrome update to fix two serious vulnerabilities, CVE-2025-14765 in WebGPU and CVE-2025-14766 in the V8 JavaScript engine, that can be triggered remotely when users load maliciously crafted web pages. Because Chrome has billions of users, these flaws are high-value targets for attackers, and users are strongly urged to update immediately to version 143.0.7499.146/.147 on Windows and macOS or 143.0.7499.146 on Linux. The piece provides simple update instructions (using Chrome’s About page or automatic updates) and briefly explains that one bug is a use-after-free in WebGPU, leading to potential heap corruption, while the other is an out-of-bounds read/write in V8 that can allow attackers to access or modify memory and potentially run code with elevated permissions. The core message is that users should not delay restarting and updating Chrome, since merely browsing the web could expose them to attacks until the patch is applied.
Two Chrome Flaws Could Be Triggered by Simply Browsing the Web: Update Now

