Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Posted on By CWS

Nov 18, 2025Ravie LakshmananBrowser Safety / Vulnerability
Google on Monday launched safety updates for its Chrome browser to deal with two safety flaws, together with one which has come below energetic exploitation within the wild.
The vulnerability in query is CVE-2025-13223 (CVSS rating: 8.8), a sort confusion vulnerability within the V8 JavaScript and WebAssembly engine that might be exploited to attain arbitrary code execution or program crashes.
“Kind Confusion in V8 in Google Chrome previous to 142.0.7444.175 allowed a distant attacker to probably exploit heap corruption through a crafted HTML web page,” in accordance with an outline of the flaw within the NIST Nationwide Vulnerability Database (NVD).
Clément Lecigne of Google’s Menace Evaluation Group (TAG) has been credited with discovering and reporting the flaw on November 12, 2025. Google has not shared any particulars on who’s behind the assaults, who might have been focused, or the dimensions of such efforts.
Nonetheless, the tech large acknowledged that an “exploit for CVE-2025-13223 exists within the wild.”

With the newest replace, Google has addressed seven zero-day flaws in Chrome which were both actively exploited or demonstrated as a proof-of-concept (PoC) for the reason that begin of the 12 months. The record consists of CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, and CVE-2025-10585.
CVE-2025-13223 can also be the third actively exploited kind confusion bug found in V8 this 12 months after CVE-2025-6554 and CVE-2025-10585.
Additionally patched by Google as a part of this patch is one other kind confusion vulnerability in V8 (CVE-2025-13224, CVSS rating: 8.8) that was flagged by its synthetic intelligence (AI) agent Huge Sleep.
To safeguard in opposition to potential threats, it is suggested to replace their Chrome browser to variations 142.0.7444.175/.176 for Home windows, 142.0.7444.176 for Apple macOS, and 142.0.7444.175 for Linux. To ensure the newest updates are put in, customers can navigate to Extra > Assist > About Google Chrome and choose Relaunch.
Customers of different Chromium-based browsers, akin to Microsoft Edge, Courageous, Opera, and Vivaldi, are additionally suggested to use the fixes as and once they grow to be out there.

The Hacker News Tags:, , , , , , , ,

Related Posts

WhatsApp Attack Uses Fake Files to Deploy RMM Software WhatsApp Attack Uses Fake Files to Deploy RMM Software The Hacker News
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials The Hacker News
Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks The Hacker News
Ex-Google Engineers Charged with Trade Secret Theft to Iran Ex-Google Engineers Charged with Trade Secret Theft to Iran The Hacker News
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year? How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year? The Hacker News
China-Linked TA4922 Broadens Cyber Attacks Globally China-Linked TA4922 Broadens Cyber Attacks Globally The Hacker News