Google patches one more exploited Chrome zero-day (CVE-2025-13223)

Google has shipped an emergency repair for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited within the wild by its Threat Analysis Group (TAG).

About CVE-2025-13223

CVE-2025-13223 is a sort confusion vulnerability in V8, the JavaScript and WebAssembly engine utilized by Chrome and Chromium-based browsers.

The flaw permits distant attackers to use heap corruption through a specifically crafted HTML web page, and may result in unauthorized actions resembling accessing delicate knowledge. For the exploit to have an opportunity to work, targets should be tricked into visiting such a web page.

CVE-2025-13223 and a second V8 type-confusion flaw, CVE-2025-13224, have been fastened in Chrome:

• v142.0.7444.175/.176 (for Windows)
• v142.0.7444.176 (for macOS)
• v142.0.7444.175 (for Linux)

CVE-2025-13223 was reported by Clément Lecigne of Google TAG, and CVE-2025-13224 was found by Big Sleep, Google’s autonomous AI-powered system for automated vulnerability analysis.

Zero-days affecting V8 are sometimes exploited by attackers: in 2025 alone, Google fastened a number of of them after TAG researchers flagged associated abuse.

Updates can be found/incoming

Google says that the fastened Chrome variations will roll out over the approaching days/weeks.

The browser is up to date mechanically as soon as updates grow to be obtainable, however you may as well manually set off the replace to a hard and fast model (go to Settings -> About Chrome) after which relaunch the applying to finalize the improve.

Chromium-based browsers like Microsoft Edge, Brave, and Opera are anticipated to get these fixes quickly, and Vivaldi maintainers have already delivered a repair for CVE-2025-13223.

Subscribe to our breaking information e-mail alert to by no means miss out on the most recent breaches, vulnerabilities and cybersecurity threats. Subscribe right here!