Published on November 18, 2025

Google Releases Patch for Actively Exploited Chrome V8 Zero-Day (CVE-2025-13223)


Severity:
High

Detail:
Google has rolled out new security updates for its Chrome browser to fix two vulnerabilities, one of which, CVE-2025-13223, is already being actively exploited in the wild. The vulnerability was discovered and reported on November 12, 2025, by Clément Lecigne from Google’s Threat Analysis Group (TAG).

| CVE Number | Description | CVSS Score (Severity) |
|---|---|---|
| CVE-2025-13223 | A type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes. | 8.8 (High) |

While Google has not disclosed details about the attackers, potential targets, or the scale of exploitation, the company has confirmed that an exploit for this zero-day is circulating in the wild.

Google also addressed another type confusion vulnerability in the V8 engine (CVE-2025-13224, CVSS score: 8.8), which was identified by its artificial intelligence (AI) agent, Big Sleep.

Affected Version:
According to the NIST National Vulnerability Database (NVD), the flaw involves a type confusion issue in Chrome’s V8 JavaScript engine. Versions prior to 142.0.7444.175 are affected, allowing a remote attacker to trigger heap corruption through a specially crafted HTML page.

Recommendation:

  • To stay secure, make sure your Chrome browser is updated: 142.0.7444.175/.176 on Windows, 142.0.7444.176 on macOS, and 142.0.7444.175 on Linux.
  • You can check by going to More > Help > About Google Chrome and pressing Relaunch.
  • Other browsers built on Chromium — like Edge, Brave, Opera, and Vivaldi — will also release fixes, so update them as soon as those patches are available.
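For checking more than one machine, the fixed builds above can be compared against a software inventory. The following is an added example, not code from Google or from the sources below; the inventory rows, hostnames and function names are constructed for illustration, and it covers Google Chrome only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Minimum fixed Google Chrome builds per platform, as listed in the advisory.
FIXED = {
    "windows": (142, 0, 7444, 175),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version, e.g. from 'Google Chrome 142.0.7444.162'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    fixed = FIXED.get(platform.lower())
    if fixed is None:
        return "unknown"
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unknown"
    # Tuples compare numerically part by part, so .99 sorts below .175
    # (a plain string comparison would get this wrong).
    return "patched" if installed >= fixed else "vulnerable"

def audit(inventory):
    """Map hostname -> status; rows are (host, platform, version_text)."""
    return {host: classify(plat, ver) for host, plat, ver in inventory}

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "Google Chrome 142.0.7444.175"),
    ("ws-002", "windows", "142.0.7444.99"),
    ("mac-001", "macos", "Google Chrome 142.0.7444.175"),
    ("lnx-001", "linux", "Google Chrome 143.0.7000.10"),
    ("lnx-002", "linux", "chrome: not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown (no parsable version or an unlisted platform) need a manual check rather than being treated as patched.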

Source
https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html