Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability actively exploited by threat actors.
The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and poses a significant risk to millions of Chrome users worldwide.
Critical Zero-Day Under Active Attack
The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group on November 12, 2025, and reported as a Type Confusion flaw in the V8 JavaScript and WebAssembly engine.
| CVE ID | Severity | Vulnerability Type |
|---|---|---|
| CVE-2025-13223 | High | Type Confusion in V8 |
| CVE-2025-13224 | High | Type Confusion in V8 |
Google confirmed that exploits targeting this vulnerability already exist in the wild, making immediate patching essential for all Chrome users.
Type confusion vulnerabilities occur when code accesses a resource using an incompatible type, potentially allowing attackers to execute arbitrary code, bypass security mechanisms, or cause memory corruption.
In the context of web browsers, such flaws can be leveraged to compromise user systems through malicious websites or advertisements.
Google released Chrome version 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux to address this critical security issue.
The update is rolling out gradually over the coming days and weeks through the Stable channel.
Notably, the security update also addresses CVE-2025-13224, another Type Confusion vulnerability in V8 discovered by Google’s Big Sleep AI-powered fuzzing system on October 9, 2025.
While there is no evidence of active exploitation for this second flaw, Google proactively included the fix in this release.
Chrome users should update their browsers immediately to protect against potential attacks. The browser typically updates automatically, but users can manually check for updates by navigating to Settings > About Chrome.
Given the active exploitation of CVE-2025-13223, security experts strongly recommend updating as soon as possible.
This marks another addition to the growing list of zero-day vulnerabilities discovered in Chrome over recent years, highlighting the ongoing security challenges faced by widely used software platforms.
Organizations and individual users should remain vigilant and ensure their browsers are always running the latest version to minimize security risks.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and set GBH as a Preferred Source in Google.