
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that is being exploited in the wild.
The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that can be exploited to execute arbitrary code or cause the program to crash.
According to the flaw description in the NIST National Vulnerability Database (NVD), “Type confusion in Google Chrome V8 before 142.0.7444.175 could allow a remote attacker to exploit heap corruption via a crafted HTML page.”
Clément Lecigne of Google’s Threat Analysis Group (TAG) is credited with discovering and reporting this flaw on November 12, 2025. Google did not share any details about who was behind the attack, who was targeted, or the scale of such efforts.
However, the tech giant admitted that “an exploit for CVE-2025-13223 does indeed exist.”

With this latest update, Google has addressed seven zero-day flaws in Chrome that have been either actively exploited or demonstrated as a proof of concept (PoC) since the beginning of this year. The others are CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, and CVE-2025-10585.
CVE-2025-13223 is also the third actively exploited type confusion bug discovered in V8 this year, after CVE-2025-6554 and CVE-2025-10585.
Another type confusion vulnerability in V8 (CVE-2025-13224, CVSS score: 8.8) reported by the artificial intelligence (AI) agent Big Sleep was also fixed by Google as part of this patch.
To protect against potential threats, we recommend updating your Chrome browser to version 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Apple macOS, and 142.0.7444.175 for Linux. To ensure the latest updates are installed, users can go to More > Help > About Google Chrome and select Relaunch.
Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply fixes when they become available.
