Google has rushed out a critical update for its Chrome browser to address a zero-day vulnerability actively exploited in the wild, urging users to update immediately to mitigate the risk posed by sophisticated attackers.
The patch, rolled out in Chrome Stable version 142.0.7444.175 for Windows and Linux, and 142.0.7444.176 for Mac, fixes two high-severity type confusion bugs in the V8 JavaScript engine.
The most alarming is CVE-2025-13223, reported on November 12, 2025, by Clément Lecigne of Google's Threat Analysis Group (TAG).
Google confirmed an exploit for this flaw is already circulating, potentially allowing remote attackers to execute arbitrary code on victims' systems without interaction.
Type confusion vulnerabilities, a staple in browser exploits, occur when the V8 engine misinterprets data types, leading to memory corruption. This can enable attackers to bypass Chrome's sandbox protections, steal sensitive information, or install malware.
The second fix, CVE-2025-13224, was identified earlier, on October 9, 2025, by Google's internal Big Sleep fuzzing tool, highlighting the company's proactive defense layers, according to the advisory.
TAG's involvement suggests potential ties to advanced persistent threats (APTs), as the group often tracks state-sponsored operations using such flaws for espionage or supply chain attacks.
This incident underscores Chrome's dominance as a target, as over 65% of global browsers run the engine, making timely patches critical.
Google credits tools like AddressSanitizer and libFuzzer for early detection, but the rapid exploitation timeline, from report to wild use in under a week, raises questions about attribution. Users should enable automatic updates and avoid suspicious links.
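An added example, not from Google's advisory or the original article: a fleet check of reported Chrome versions against the fixed builds named above. The inventory lines, hostnames and non-fixed version numbers are constructed; versions are compared numerically per component, because a string comparison would rank 142.0.7444.99 above 142.0.7444.175.

```python
# Fixed builds as stated in the article; all other values are constructed.
FIXED = {
    "windows": (142, 0, 7444, 175),
    "linux": (142, 0, 7444, 175),
    "mac": (142, 0, 7444, 176),   # Mac fix is one build later
}

def parse_version(text):
    """Turn '142.0.7444.175' into a 4-tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one install."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report unparseable data as safe
    return "patched" if version >= fixed else "vulnerable"

# Constructed inventory export: hostname,platform,chrome version
SAMPLE_INVENTORY = """\
ws-001,windows,142.0.7444.175
ws-002,windows,142.0.7444.99
mb-014,mac,142.0.7444.175
mb-015,mac,142.0.7444.176
lx-203,linux,141.0.7390.122
lx-204,linux,143.0.7499.40
ws-009,windows,142.0.7444
kiosk-1,chromeos,142.0.7444.175
"""

def audit(inventory_text):
    """Map each hostname in the export to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        host, platform, version = fields
        results[host] = classify(platform, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need manual follow-up rather than being counted as patched.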
