- Google patches Chrome zero-day CVE-2025-13223 in V8 engine
- Bug enabled arbitrary code execution, potentially exploited by state-sponsored threat actors
- Users should update Chrome to version 142.0.7444.175/.176 across platforms
Google has patched a worrying security flaw in its Chrome browser that was being abused in the wild as a zero-day.
In a new security advisory, Google said it fixed a type confusion vulnerability in the V8 JavaScript and WebAssembly engine which leads to arbitrary code execution. V8 is the browser’s JavaScript and WebAssembly engine, essentially the “brain” that reads, compiles, and executes JavaScript and WASM code in web pages.
The vulnerability is now tracked as CVE-2025-13223 and has a severity rating of 8.8/10 (high). “Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” the National Vulnerability Database (NVD) said in its explainer.
Fixing the issue
As reported by The Hacker News, the bug was first discovered by a security researcher from Google’s Threat Analysis Group (TAG), who did not detail the identities of either the attackers or the victims.
However, we know from earlier reports that Google’s TAG team usually monitors state-sponsored threat actors, so it’s safe to assume that this bug was being leveraged by actors such as North Korea, China, Russia, or Iran. Both Lazarus Group (North Korea) and APT29 (Russia) have been observed abusing Chrome’s flaws in the past.
This is the third type confusion bug found in V8 this year, The Hacker News added, after CVE-2025-6554 and CVE-2025-10585.
Since Google’s browser by default updates automatically the next time it’s launched, users most likely don’t need to do anything. However, if automatic updates are turned off, make sure to bring the browser to versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Apple macOS, and 142.0.7444.175 for Linux.
To check the version of Chrome you’re running, navigate to More > Help > About Google Chrome and select Relaunch.
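For administrators checking many machines rather than one, the per-platform builds above can be turned into an inventory check. The following is an added example, not code from Google or the article; the host names and inventory rows are constructed, and the version strings are assumed to look like the output of `google-chrome --version`.

```python
import re

# Builds the article says to update to for CVE-2025-13223, per platform.
PATCHED = {
    "windows": (142, 0, 7444, 175),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of free text as a tuple of ints."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(platform, version_text):
    """Compare numerically: as strings, '...7444.99' sorts above '...7444.175'."""
    return parse_version(version_text) >= PATCHED[platform.lower()]


def audit(inventory):
    """Return (host, status) for hosts that need an update or manual review."""
    findings = []
    for host, platform, version_text in inventory:
        try:
            if not is_patched(platform, version_text):
                findings.append((host, "update"))
        except (KeyError, ValueError):
            # Unknown platform or unreadable version: do not assume it is safe.
            findings.append((host, "unknown"))
    return findings


# Constructed inventory rows for illustration only.
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 142.0.7444.175"),
    ("ws-02", "windows", "Google Chrome 142.0.7444.99"),
    ("mac-01", "macos", "Google Chrome 142.0.7444.175"),
    ("lnx-01", "linux", "Google Chrome 142.0.7444.175"),
    ("lnx-02", "linux", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Rows that cannot be parsed are reported as `unknown` instead of being silently treated as patched.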
