Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN749
_____________________________________________________________________

DATE                : 30/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Google Chrome versions prior to
                                    142.0.7444.59/60.

=====================================================================
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
_____________________________________________________________________


 Stable Channel Update for Desktop
Tuesday, October 28, 2025

The Chrome team is delighted to announce the promotion of Chrome 142
to the stable channel for Windows, Mac and Linux. This will roll out
over the coming days/weeks.

Chrome 142.0.7444.59 (Linux) 142.0.7444.59/60 Windows and
142.0.7444.60 Mac contains a number of fixes and improvements --
a list of changes is available in the log. Watch out for upcoming
Chrome and Chromium blog posts about new features and big efforts
delivered in 142.


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until
a majority of users are updated with a fix. We will also retai
 restrictions if the bug exists in a third party library that
other projects similarly depend on, but haven’t yet fixed.


This update includes 20 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.


[$50000][447613211] High CVE-2025-12428: Type Confusion in V8.
Reported by Man Yue Mo of GitHub Security Lab on 2025-09-26

[$50000][450618029] High CVE-2025-12429: Inappropriate
implementation in V8. Reported by Aorui Zhang on 2025-10-10

[$10000][442860743] High CVE-2025-12430: Object lifecycle issue
in Media. Reported by round.about on 2025-09-04

[$4000][436887350] High CVE-2025-12431: Inappropriate
implementation in Extensions. Reported by Alesandro Ortiz
on 2025-08-06

[N/A][439522866] High CVE-2025-12432: Race in V8. Reported
by Google Big Sleep on 2025-08-18

[N/A][449760249] High CVE-2025-12433: Inappropriate
implementation in V8. Reported by Google Big Sleep on
2025-10-07

[N/A][452296415] High CVE-2025-12036: Inappropriate implementation
in V8. Reported by Google Big Sleep on 2025-10-15

[$3000][337356054] Medium CVE-2025-12434: Race in Storage. Reported
by Lijo A.T on 2024-04-27

[$3000][446463993] Medium CVE-2025-12435: Incorrect security UI
in Omnibox. Reported by Hafiizh on 2025-09-21

[$2000][40054742] Medium CVE-2025-12436: Policy bypass in
Extensions. Reported by Luan Herrera (@lbherrera_) on 2021-02-08

[$2000][446294487] Medium CVE-2025-12437: Use after free in
PageInfo. Reported by Umar Farooq on 2025-09-20

[$1000][433027577] Medium CVE-2025-12438: Use after free in
Ozone. Reported by Wei Yuan of MoyunSec VLab on 2025-07-20

[TBD][382234536] Medium CVE-2025-12439: Inappropriate
implementation in App-Bound Encryption. Reported by Ari
Novick on 2024-12-04

[N/A][430555440] Low CVE-2025-12440: Inappropriate implementation
in Autofill. Reported by Khalil Zhani on 2025-07-09

[N/A][444049512] Medium CVE-2025-12441: Out of bounds read in V8.
Reported by Google Big Sleep on 2025-09-10

[TBD][452071845] Medium CVE-2025-12443: Out of bounds read in WebXR.
Reported by Aisle Research on 2025-10-15

[$3000][390571618] Low CVE-2025-12444: Incorrect security UI in
Fullscreen UI. Reported by syrf on 2025-01-18

[$1000][428397712] Low CVE-2025-12445: Policy bypass in
Extensions. Reported by Thomas Greiner on 2025-06-29

[$1000][444932667] Low CVE-2025-12446: Incorrect security UI
in SplitView. Reported by Hafiizh on 2025-09-14

[TBD][442636157] Low CVE-2025-12447: Incorrect security UI in
Omnibox. Reported by Khalil Zhani on 2025-09-03



We would also like to thank all security researchers that worked with
us during the development cycle to prevent security bugs from ever
reaching the stable channel.

As usual, our ongoing internal security work was responsible for
a wide range of fixes:

[455996292]Various fixes from internal audits, fuzzing and other
initiatives


Many of our security bugs are detected using AddressSanitizer,
MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity,
libFuzzer, or AFL.


Interested in switching release channels? Find out how here. If you
find a new issue, please let us know by filing a bug. The community
help forum is also a great place to reach out for help or learn
about common issues.


Srinivas Sista

Google Chrome

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================