Google Issues Emergency Chrome Update for 2 Billion Users

Summary
– Google has issued an emergency update for Chrome due to active attacks exploiting a high-severity zero-day vulnerability (CVE-2025-13223).
– The flaw is a “Type Confusion in V8” that could allow remote attackers to corrupt memory or execute arbitrary code via a crafted webpage.
– America’s cyber defense agency, CISA, has directed federal agencies to update or stop using Chrome by December 10, and has added the flaw to its Known Exploited Vulnerabilities catalog.
– All Chrome users should install the update immediately. It requires restarting the browser and brings versions to 142.0.7444.175/.176 for Windows/Mac and 142.0.7444.175 for Linux.
– Google restricts detailed bug information until most users have updated, to prevent further exploitation while fixes are deployed.

Google has released an urgent security patch for its Chrome browser, impacting billions of users globally, following the discovery of an actively exploited vulnerability. The company confirmed that attacks leveraging this flaw are already occurring in the wild, prompting a swift emergency update for all desktop versions of the browser.
The specific threat, identified as CVE-2025-13223, involves a “Type Confusion in V8” issue within Chrome’s JavaScript engine. This high-severity vulnerability was uncovered by Google’s internal Threat Analysis Group, leading to the rapid deployment of a fix. The flaw could permit a remote attacker to execute arbitrary code, potentially leading to data theft or the installation of malicious software on affected systems.
Highlighting the critical nature of this security gap, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added the vulnerability to its Known Exploited Vulnerabilities catalog. CISA has directed all federal agencies to apply the update or discontinue using Chrome by December 10. Although this mandate specifically targets government networks, the agency emphasizes that the guidance serves the broader cybersecurity community, urging every organization and individual user to take immediate action.
For everyday users, the update should download automatically in the background. However, you must fully restart the browser to activate the protection. When you restart, your standard browsing tabs will recover automatically, though any open incognito windows will close permanently.
Technical assessments from the National Institute of Standards and Technology (NIST) indicate that the vulnerability could allow an attacker to trigger heap corruption via a specially crafted HTML page. Such security weaknesses are often used as an initial foothold, enabling further exploitation by chaining them with other vulnerabilities to gain deeper access to a device or network.
Google typically restricts public disclosure of detailed bug information until a majority of users have installed the patch. This practice helps prevent wider exploitation while the update is still rolling out. The new versions are 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux. Although the official rollout may extend over several days, many users can expect to receive the update immediately.
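
For administrators checking a fleet against these builds, the following is an added example and not code from Google, CISA or the original article. It classifies hosts as patched, restart-pending or vulnerable using the per-platform versions listed in the paragraph above. The inventory rows, host names and the installed/running fields are constructed assumptions about what an asset inventory might export.

```python
# Added example: fixed builds come from the article; everything else is constructed.
FIXED_BUILD = {
    "windows": "142.0.7444.175",  # article lists .175/.176; the lower one is the floor
    "macos": "142.0.7444.176",
    "linux": "142.0.7444.175",
}

def parse_version(text):
    """Turn '142.0.7444.175' into (142, 0, 7444, 175) so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, installed, running=None):
    """Return 'patched', 'restart_pending', 'vulnerable' or 'unknown'."""
    fixed = FIXED_BUILD.get(platform.lower())
    if fixed is None:
        return "unknown"  # platform not covered by the article's version list
    try:
        on_disk = parse_version(installed)
        in_memory = parse_version(running) if running else None  # None: not running
    except ValueError:
        return "unknown"
    floor = parse_version(fixed)
    if on_disk < floor:
        return "vulnerable"
    if in_memory is not None and in_memory < floor:
        return "restart_pending"  # update downloaded, old process still running
    return "patched"

# Constructed inventory: (host, platform, installed version, running version)
INVENTORY = [
    ("ws-01", "windows", "142.0.7444.176", "142.0.7444.176"),
    ("ws-02", "windows", "142.0.7444.175", "142.0.7444.60"),
    ("mac-01", "macos", "142.0.7444.176", None),
    ("lnx-01", "linux", "142.0.7444.99", "142.0.7444.99"),
    ("lnx-02", "linux", "143.0.7000.1", None),
    ("kiosk-01", "chromeos", "142.0.7444.175", None),
]

def audit(rows):
    return {host: classify(plat, inst, run) for host, plat, inst, run in rows}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```

The lnx-01 row shows why the versions are parsed into integers: compared as plain strings, "142.0.7444.99" would sort above "142.0.7444.175" and the host would be missed.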
While discovering zero-day threats in Chrome is not uncommon, Google is generally commended for its rapid response in developing and distributing fixes. All users are strongly advised to check for the update and restart their browser as soon as the restart prompt appears to ensure their system is secure.
(Source: Forbes)




