Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine.

Google has released Chrome 142 to the stable channel with patches for 20 vulnerabilities, including seven high-, eight medium-, and five low-severity flaws.

Four of the high-severity bugs addressed in this Chrome release affect the browser’s V8 JavaScript and WebAssembly engine. Google paid $100,000 in bug bounty rewards for two of them.

Tracked as CVE-2025-12428, the first is a type confusion issue in V8 that earned Man Yue Mo of GitHub Security Lab $50,000. A similar reward was handed out to Aorui Zhang, who reported CVE-2025-12429, an inappropriate implementation defect in the JavaScript engine.

As usual, the internet giant has not shared technical details on the newly resolved vulnerabilities. However, based on the reward amounts handed out for these two bugs, it is possible that they could be exploited ...