Article Details
Scrape Timestamp (UTC): 2025-11-18 04:48:23.692
Source: https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html
Original Article Text
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes.
"Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to a description of the flaw in the NIST National Vulnerability Database (NVD).
Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on November 12, 2025. Google has not shared any details on who is behind the attacks, who may have been targeted, or the scale of such efforts. However, the tech giant acknowledged that an "exploit for CVE-2025-13223 exists in the wild."
With the latest update, Google has addressed seven zero-day flaws in Chrome that have been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year. The list includes CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, and CVE-2025-10585.
CVE-2025-13223 is also the third actively exploited type confusion bug discovered in V8 this year after CVE-2025-6554 and CVE-2025-10585.
Also patched by Google as part of this update is another type confusion vulnerability in V8 (CVE-2025-13224, CVSS score: 8.8) that was flagged by its artificial intelligence (AI) agent Big Sleep.
To safeguard against potential threats, users are advised to update their Chrome browser to versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Apple macOS, and 142.0.7444.175 for Linux.
To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.
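For fleets where checking each browser by hand is impractical, the fixed builds listed above can be applied to an inventory export. The following is an added example, not code from the article or from Google; the inventory rows, hostnames, function names and the 143.x version string are constructed for illustration.

```python
import re

# Minimum fixed Chrome builds per platform, as stated in the article above.
FIXED = {
    "windows": (142, 0, 7444, 175),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 142.0.7444.175' and return it as a tuple of ints."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    minimum = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # do not guess: surface the host for manual review
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank '142.0.7444.99' above '142.0.7444.175'.
    return "patched" if version >= minimum else "needs_update"


def audit(rows):
    """Map each (host, platform, version_text) row to a verdict."""
    return {host: assess(platform, text) for host, platform, text in rows}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("ws-001", "Windows", "Google Chrome 142.0.7444.176"),
    ("ws-002", "Windows", "142.0.7444.99"),
    ("mac-001", "macOS", "Google Chrome 142.0.7444.175"),
    ("lnx-001", "Linux", "Google Chrome 142.0.7444.175"),
    ("lnx-002", "Linux", "Google Chrome 143.0.7499.40"),
    ("ws-003", "Windows", "not installed"),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host}: {verdict}")
```

These thresholds apply to Google Chrome only; the article gives no fixed version numbers for other Chromium-based browsers.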
Daily Brief Summary
Google has issued a security update for Chrome to address CVE-2025-13223, a critical zero-day vulnerability actively exploited in the wild, affecting the V8 JavaScript engine.
The flaw, identified as a type confusion vulnerability, allows remote attackers to execute arbitrary code or cause program crashes via crafted HTML pages.
Discovered by Google's Threat Analysis Group, the vulnerability has a CVSS score of 8.8, indicating a high severity level and significant potential impact.
Google has not disclosed information regarding the attackers or specific targets, but confirmed the existence of active exploits for this vulnerability.
The update also addresses another type confusion vulnerability, CVE-2025-13224, identified by Google's AI agent, Big Sleep, further strengthening Chrome's security posture.
Users are urged to update Chrome to the latest versions for Windows, macOS, and Linux to mitigate potential risks from these vulnerabilities.
Other Chromium-based browser users, including those using Microsoft Edge, Brave, Opera, and Vivaldi, are advised to apply similar updates when available.
This marks the seventh zero-day flaw addressed by Google in Chrome in 2025, emphasizing the ongoing need for vigilance and timely patch management.