Google has rolled out Chrome version 142 with stronger privacy controls and fixes for 20 high severity security vulnerabilities.
Quick Summary – TLDR:
- The update introduces a new permission to restrict local network access from websites, improving privacy and reducing attack surface.
- Desktop users will see a revamped Sync experience tied to their Google Account rather than a separate feature.
- Version 142 addresses 20 documented security flaws, many in the V8 JavaScript engine, some of which could allow code execution.
What Happened?
Google Chrome 142 has been released to the stable channel across all supported platforms. While the release brings UI and permission changes for desktop users, it also delivers a major security refresh that patches numerous vulnerabilities discovered by external researchers and Google’s internal team.
Act Now — Google Confirms Chrome 142 Security Fix For 3 Billion Users
— Forbes (@Forbes) October 30, 2025
Google has disclosed that there are no less than 20 vulnerabilities impacting the Chrome browser. Here’s why you must act now —and how —to ensure your browser is secure. https://t.co/HM1NKWRujG
Privacy and Sync Changes
Google has simplified how Chrome handles sign-in and Sync on desktop environments. According to the official blog post, the Sync feature is no longer shown as a standalone option. It is now closely integrated with the Google Account itself. When a user signs into their account in Chrome, the option to turn on sync appears via the profile icon. Users can still choose what to sync. Passwords, bookmarks, and other data by visiting chrome://settings/syncSetup/advanced.
Importantly, Google emphasizes that this update does not affect the ability to sign into Google websites independently of Chrome. The rollout is gradual and may not yet appear for all users.
Another major change: websites must now request permission to access local network or loopback addresses. Google defines “local network request” as:
- Any request from a public website to a local IP or loopback address.
- Any request from a local website to loopback.
If these types of requests are made, users must grant permission, otherwise the connection is blocked. Google explains this step “mitigates the risk of cross-site request forgery attacks against local network devices such as routers, and reduces the ability of sites to fingerprint the user’s local network.”
Security Fixes at a Glance
Chrome 142 includes fixes for 20 vulnerabilities, many of which are rated high severity. Key highlights:
- Several vulnerabilities in the V8 JavaScript engine, including type confusion and inappropriate implementation bugs, could result in arbitrary code execution
- Example high severity flaws:
- CVE-2025-12428: Type confusion in V8
- CVE-2025-12429: Inappropriate implementation in V8
- CVE-2025-12430: Object lifecycle issue in Media
- CVE-2025-12431: Policy bypass in Extensions
- Race conditions, incorrect UI security indicators, and use-after-free issues were also resolved across Storage, Omnibox, and WebXR components
Through its Vulnerability Reward Program, Google awarded up to $50,000 for critical findings. For instance, Man Yue Mo from GitHub Security Lab earned the top bounty for identifying a type confusion vulnerability, while Aorui Zhang was rewarded similarly for uncovering an inappropriate implementation issue in V8.
Google’s own security initiative, Big Sleep, also contributed several high severity discoveries. The update includes medium and low severity patches that fix issues like UI inconsistencies, out-of-bounds reads, and extensions policy bypasses.
Chrome 142.0.7444.59 for Windows and Linux, and 142.0.7444.60 for Mac, will be rolled out automatically in the coming days and weeks. Users can check their version by visiting chrome://settings/help.
Why It Matters?
- Browsers are a primary target for phishing, malware, and code injection attacks.
- By enforcing explicit permission for local network access, Chrome makes it harder for malicious sites to scan or exploit local devices.
- The streamlined Sync experience makes it easier for users to manage what data they share across devices.
SQ Magazine Takeaway
I believe this update is a clear sign that Google is tightening security while also aiming to make the user experience smoother. The new Sync design is more intuitive, and locking down local network requests just makes sense in today’s world where smart home devices are everywhere. If you haven’t updated your Chrome browser yet, do it now. It’s a simple way to stay safer online.
