Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes.
“Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” according to a description of the flaw in the NIST National Vulnerability Database (NVD).
Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on November 12, 2025. Google has not shared any details on who is behind the attacks, who may have been targeted, or the scale of such efforts.
However, the tech giant acknowledged that an “exploit for CVE-2025-13223 exists in the wild.”
With the latest update, Google has addressed seven zero-day flaws in Chrome that have been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year. The list includes CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, and CVE-2025-10585.
CVE-2025-13223 is also the third actively exploited type confusion bug discovered in V8 this year after CVE-2025-6554 and CVE-2025-10585.
Also patched by Google as part of this patch is another type confusion vulnerability in V8 (CVE-2025-13224, CVSS score: 8.8) that was flagged by its artificial intelligence (AI) agent Big Sleep.
To safeguard against potential threats, it’s advised to update their Chrome browser to versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Apple macOS, and 142.0.7444.175 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch.
Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.
Source: thehackernews.com…
Leave a Reply