
Google Patches Actively Exploited Chrome Zero-Day Vulnerability

Summary

– Google has released an emergency fix for Chrome vulnerability CVE-2025-13223, which is being actively exploited in the wild.
– The vulnerability is a type confusion flaw in the V8 engine that can lead to heap corruption and unauthorized data access via a malicious HTML page.
– Chrome versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux include fixes for this and another V8 vulnerability, CVE-2025-13224.
– Updates are rolling out automatically, but users can manually trigger them in Settings > About Chrome and relaunch the browser to apply the fix.
– Chromium-based browsers like Edge, Brave, and Opera are expected to receive the fixes soon, with Vivaldi already patched for CVE-2025-13223.

Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability, identified as CVE-2025-13223, which is already being actively exploited by attackers. This flaw, discovered by Google’s internal Threat Analysis Group, requires immediate attention from all users to prevent potential data breaches and system compromise.

The vulnerability stems from a type confusion issue within V8, the JavaScript and WebAssembly engine that powers Chrome and other Chromium-based browsers. Attackers can leverage this weakness by creating malicious HTML pages designed to trigger heap corruption. If a user visits one of these pages, the exploit could enable unauthorized access to sensitive information or allow other harmful actions on the affected system.

Alongside CVE-2025-13223, Google has also patched a second V8 type-confusion flaw, CVE-2025-13224. These fixes are included in the following Chrome versions:

  • v142.0.7444.175/.176 for Windows
  • v142.0.7444.176 for macOS
  • v142.0.7444.175 for Linux

Google credited Clément Lecigne of its Threat Analysis Group for reporting the actively exploited vulnerability, while the second issue was identified by Big Sleep, an autonomous AI system developed by Google for automated vulnerability research. This marks another instance in which V8-related zero-day flaws have been weaponized by threat actors, underscoring the ongoing need for timely software updates.

The patched versions of Chrome are being distributed gradually and should reach all users within the next several days or weeks. Although the browser typically applies updates automatically, you can manually check for and install the latest version by navigating to Settings, selecting About Chrome, and restarting the browser if an update is available.

Other popular browsers built on Chromium, including Microsoft Edge, Brave, and Opera, are anticipated to integrate these security patches shortly. Vivaldi has already rolled out a fix addressing CVE-2025-13223. Staying current with browser updates remains one of the most effective ways to protect against emerging cyber threats.

(Source: HelpNet Security)
