Google has promoted Chrome 143 to the stable channel, releasing patches for 13 externally reported security vulnerabilities. Four of these flaws are rated high severity, though the company confirmed it is not aware of any active exploitation in the wildโa reprieve for users following a year that has already seen seven confirmed zero-day attacks.
The most significant issue, tracked as CVE-2025-13630, is a type-confusion bug within the V8 JavaScript and WebAssembly engine. The remaining high-severity defects involve inappropriate implementation flaws in Google Updater (CVE-2025-13631) and DevTools (CVE-2025-13632), as well as a use-after-free error in the Digital Credentials component (CVE-2025-13633).
Google has disclosed specific payouts for two of the bugs: $11,000 for the V8 vulnerability and $3,000 for the Updater flaw. The company awarded a collective $18,000 for four additional issues, while bounties for the remaining six reports remain undisclosed.
Beyond the critical fixes, the update addresses three medium-severity gapsโan inappropriate implementation in Downloads, a bad cast in Loader, and a race condition in V8. Six low-severity bugs were also resolved, affecting components such as Split View, WebRTC, Passwords, Media Stream, and Downloads.
The update brings the browser to version 143.0.7499.40/41 for Windows and macOS, and 143.0.7499.40 for Linux. Mobile users will see version 143.0.7499.52 on Android and 143.0.7499.92 on iOS. An Extended Stable build (142.0.7499.226) remains available for enterprise administrators on Windows and macOS.
While Google stated the automatic rollout will occur over the coming “days and weeks,” security experts advise against waiting. Users should manually trigger the installation by navigating toย Settings > Help > About Google Chromeย and ensuring the browser is relaunched to activate the new protections.