Google has released an urgent security update for its Chrome browser to address a zero-day vulnerability that is being actively exploited. The flaw, tracked as CVE-2025-13223, is a type confusion issue in the V8 JavaScript and WebAssembly engine. This weakness could allow an attacker to execute arbitrary code or cause a program crash by leading a user to a specially crafted malicious webpage.
The company confirmed that an exploit for this vulnerability already exists in the wild but has not disclosed details about the attackers or the scale of the attacks. This marks the seventh zero-day flaw that Google has addressed in Chrome this year and the third type confusion bug discovered in the V8 engine in 2025. The fix was included in versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux.
Users are strongly advised to update their browsers immediately by navigating to Help > About Google Chrome, which will trigger a relaunch. Additionally, users of other Chromium-based browsers like Microsoft Edge and Brave should apply similar patches as soon as they become available from their respective vendors. Prompt installation of this update is critical to protect against potential exploitation.
Read more...