Google on Monday rolled out an emergency Chrome 142 replace to deal with a vulnerability exploited within the wild as a zero-day.
Tracked as CVE-2025-13223 (CVSS rating of 8.8), the exploited high-severity flaw is described as a kind confusion difficulty within the V8 JavaScript and WebAssembly engine.
Reminiscence security bugs that might set off surprising software program conduct, sort confusion vulnerabilities may result in crashes, distant code execution, and different sorts of malicious operations.
Sort confusion defects within the V8 engine can usually be exploited through crafted HTML pages for distant learn/write operations.
“Google is conscious that an exploit for CVE-2025-13223 exists within the wild,” the web large notes in its advisory, with out offering particulars on the bug or its exploitation.
Nevertheless, the corporate says the vulnerability was reported by Clément Lecigne of Google’s Risk Evaluation Group (TAG) on November 12. This means {that a} business adware vendor might need focused the bug in assaults.
TAG researchers have found quite a few safety defects exploited by business adware, together with vulnerabilities in Chrome.
CVE-2025-13223 is the seventh zero-day vulnerability resolved in Chrome this 12 months. The sixth was mounted in September.Commercial. Scroll to proceed studying.
The browser replace additionally resolves CVE-2025-13224, one other sort confusion difficulty in V8, reported by the Massive Sleep AI agent.
Google makes no point out of this safety defect being exploited within the wild, however the web large did reward Massive Sleep earlier than for locating bugs that menace actors knew about and have been on the point of exploit within the wild.
The newest Chrome iteration is now rolling out as model 142.0.7444.175 for Linux, model 142.0.7444.176 for macOS, and variations 142.0.7444.175/.176 for Home windows.
Associated: Firefox 145 and Chrome 142 Patch Excessive-Severity Flaws in Newest Releases
Associated: Chrome 142 Replace Patches Excessive-Severity Flaws
Associated: Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities
Associated: Widespread Exploitation of XWiki Vulnerability Noticed
