Google Issues Emergency Chrome Update as Zero-Day Vulnerability Exploited in Active Attacks
Google Issues Emergency Chrome Update as Zero-Day Vulnerability Exploited in Active Attacks
- Why Enterprise RAID Rebuilding Succeeds Where Consumer Arrays Fail?
- Linus Torvalds Rejects MMC Subsystem Updates for Linux 7.0: “Complete Garbage”
- The Man Who Maintained Sudo for 30 Years Now Struggles to Fund the Work That Powers Millions of Servers
- How Close Are Quantum Computers to Breaking RSA-2048?
- Why Windows 10 Users Are Flocking to Zorin OS 18 Instead of Linux Mint?
- How to Prevent Ransomware Infection Risks?
- What is the best alternative to Microsoft Office?
Google Issues Emergency Chrome Update as Zero-Day Vulnerability Exploited in Active Attacks
Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year, suddenly warning all desktop users of ongoing attacks targeting the browser.
The vulnerability, CVE-2025-13223, was reported as exploited in the wild by Google’s Threat Analysis Group.
Understanding Zero-Day Vulnerabilities: How Hackers Exploit Windows Kernel Flaws
Critical V8 Engine Flaw Under Active Exploitation
CVE-2025-13223 is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes. According to the National Institute of Standards and Technology (NIST), the vulnerability affects Google Chrome versions prior to 142.0.7444.175 and carries a high severity rating with a CVSS score of 8.8.
The flaw was discovered and reported by Clément Lecigne of Google’s Threat Analysis Group on November 12, 2025. Google TAG researchers frequently uncover zero-day exploits used by government-sponsored threat actors and commercial spyware vendors, particularly in campaigns targeting journalists, opposition politicians, dissidents, and other high-risk individuals.
The type confusion weakness allows remote attackers to exploit heap corruption through specially crafted HTML pages. While Google has confirmed active exploitation, the company has not disclosed details about who is behind the attacks, the targets, or the scale of the campaign.
How Do I Know If My Router Has Been Hacked?
Immediate Action Required: How to Update
While Chrome typically downloads updates automatically, users must restart the browser to complete the installation. This urgency underscores the severity of the threat, as the fix is being rolled out immediately rather than through the usual gradual deployment over days or weeks.
To manually update Chrome:
- Click the three-dot menu icon in the top-right corner
- Navigate to Help → About Google Chrome
- The browser will automatically check for and download the latest version
- Click Relaunch when prompted
Alternatively, users can type chrome://settings/help directly into the address bar to access the update page.
Important notes:
- Regular tabs will reload after the restart, but incognito mode tabs will not be restored
- Save any important work before relaunching the browser
- The update brings Chrome to versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux
How Did Tesla and Major Companies Fall Victim to Cryptojacking?
Growing Threat to Browser Security
CVE-2025-13223 is already the seventh zero-day patched in Chrome this year, showing how consistently attackers target the browser’s JavaScript engine. It is also the third actively exploited type confusion bug discovered in V8 this year after CVE-2025-6554 and CVE-2025-10585.
The update also addresses a second V8 type confusion vulnerability (CVE-2025-13224), which was discovered by Google’s AI-powered vulnerability research system, Big Sleep. While this second flaw has not been exploited in the wild, it carries the same high-severity rating and requires immediate patching.
As is standard practice, Google is restricting access to detailed bug information until most users have installed the fix. The company noted it will maintain these restrictions particularly if the vulnerability exists in third-party libraries that other projects depend on but have not yet patched.
How to Prevent SSH Brute Force Attacks: A Comprehensive Guide
Impact on Other Browsers
Chromium-based browsers like Microsoft Edge, Brave, and Opera are expected to get these fixes soon, and Vivaldi maintainers have already delivered a fix for CVE-2025-13223. Users of these browsers should watch for updates and install them promptly.
While Chrome zero-day vulnerabilities are unfortunately not uncommon, the speed with which Google develops and deploys fixes remains commendable. All users should update their browsers immediately upon seeing the restart prompt to protect against this actively exploited threat.
Update your Chrome browser now to protect against this critical security vulnerability being used in active attacks.
