Google Issues Emergency Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google has rolled out an urgent security update to fix a serious zero-day vulnerability affecting the desktop edition of the Chrome browser.

The security issue, labeled CVE-2025-13223, is currently being exploited, according to the company—an indication that attackers have already leveraged the flaw in real-world scenarios.

The problem stems from a type-confusion bug within Chrome’s V8 JavaScript engine. In such cases, the browser mistakenly treats one data type as another, which can open the door for attackers to tamper with memory and run harmful code on a user’s machine.

The National Institute of Standards and Technology (NIST) notes that the weakness could allow a remote attacker to trigger heap corruption simply by delivering a specially crafted HTML page. This implies that malicious websites or phishing links may have been used to spread the attack.

Although Google has not shared extensive technical details, it credited Clément Lecigne, a member of the company’s security team known for uncovering state-backed and commercial surveillance threats. Lecigne identified the vulnerability on Nov. 12, prompting Google to rush out a patch.

Users will receive the fix through the latest builds of Chrome:

• Windows: Version 142.0.7444.175/.176

• macOS: Version 142.0.7444.176

• Linux: Version 142.0.7444.175

Newer Articles

• Google Maps Adds Anonymous Reviews, New Explore Tools, and AI-Powered Tips
• Target Brings In-App Shopping to ChatGPT ahead of Black Friday
• TP-Link Sues Netgear Over Alleged Smear Campaign and Security Claims

Older Articles

• Cloudflare Outage Triggers Global Slowdown: Major Platforms From OpenAI to Spotify Hit by Disruption
• Ford Dealers Are Now Selling Their Used Cars Through Amazon
• Microsoft Pushes Voice Controls With New Copilot Features in Windows 11