Google Rolls Out Chrome 143 Update for Billions Worldwide

Billions of Chrome users are getting a crucial safety upgrade before the year ends. Google has begun rolling out Chrome 143, a December update that patches 13 security vulnerabilities, four of them rated high severity.According to the Chrome team, the fixes span core browser components and will reach Windows, macOS, and Linux users over the coming days.

High-severity flaws could let attackers run code remotely

Chrome’s most serious bugs are the ones that could let attackers slip past the browser’s defenses and execute their own code. These vulnerabilities were rated high severity. The kind that, if left unpatched, could crash sessions or allow remote control through malicious sites or extensions.

• Type confusion in V8: A flaw in Chrome’s JavaScript engine that could make the browser misread data, giving attackers a path to run unauthorized commands.
• Google Updater vulnerability: An issue in Chrome’s background update system that might have allowed outside interference during the update process.
• DevTools exposure: A bug in Chrome’s developer toolkit that could have opened a limited window for exploits through misused debugging features.
• Digital Credentials memory flaw: A memory management error that could cause crashes or enable access to data that should stay locked down.

The fixes tighten the browser’s core and close off routes that skilled attackers often target first.

Medium-severity flaws include issues in Downloads and Loader components

Not every bug in this update posed an immediate risk, but several could have been chained together to undermine Chrome’s security. These medium-severity fixes focus on closing subtle gaps that affect performance, reliability, and how the browser processes data behind the scenes.

• Downloads fix: A flaw in how Chrome handled certain file transfers could have opened the door to unsafe downloads or minor data leaks.
• Loader issue: A programming error that made the browser misinterpret some types of content, potentially leading to crashes or instability.
• Race condition in V8: Two browser processes could overlap at the wrong time, a timing glitch that, if exploited, might allow unpredictable behavior.

The tech company says many of these flaws were discovered during routine code audits and preventive checks.

More Google coverage

• New Google Search AI Mode is ‘Total Reimagining,’ Says CEO Sundar Pichai
• In Major Ruling, Judge Finds Google ‘Willfully Acquired and Maintained Monopoly Power’ Over Digital Ad Market
• Google’s Big Bet on Nuclear Energy: ‘The Race to Power AI-Driven Data Centers is Accelerating’
• Computer History Museum Releases Original AlexNet Code: Why It Matters

Low-severity flaws found in WebRTC and Passwords

Google also patched several smaller issues that strengthen Chrome’s day-to-day reliability. These low-severity flaws weren’t major security threats, but fixing them helps prevent minor bugs from becoming bigger problems down the line.

• Downloads: Minor inconsistencies in file handling that could have caused glitches or incomplete saves.
• Split View: A visual flaw in Chrome’s multitasking view that affected how windows displayed side by side.
• Media Stream: A low-risk memory issue that could interrupt video or audio capture.
• WebRTC: A small bug in Chrome’s real-time communications feature, patched to improve call stability and privacy.
• Passwords: An issue in how Chrome managed stored credentials, corrected to ensure login data stays protected.

These updates may not grab headlines, but they smooth the experience for billions of users,  tightening the edges of features people use every day.

Staying ahead of threats

Chrome’s security model relies on constant vigilance and a layered defense approach. Google credits tools like AddressSanitizer, MemorySanitizer, and libFuzzer for catching many flaws before they reach users.

Meanwhile, its research community continues to play a key role through the Chrome Vulnerability Reward Program. The company confirmed $18,000 in payouts for this release, with more pending review.

Microsoft’s latest update also fixes a long-standing Windows flaw that attackers used to disguise commands.