Immediate Update Recommended for CVE-2025-13223 Exploit
Google has issued an urgent security update for Chrome after detecting the seventh zero-day vulnerability of 2025, CVE-2025-13223, actively exploited in the wild. The vulnerability arises from a type confusion issue in the V8 JavaScript engine and has already been used in targeted attacks. The flaw was reported by Clément Lecigne from Google’s Threat Analysis Group (TAG), which frequently monitors attacks by state-backed actors targeting journalists, political opposition figures, and activists.
Patch Details and Availability
The Chrome update versions are as follows: 142.0.7444.175/176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux, now available in the Stable channel. Users can manually verify their version by navigating to Chrome > Help > About Google Chrome, then selecting Relaunch to immediately apply the patch. Although Chrome updates automatically, Google strongly recommends checking manually to protect against potential code execution attacks.
Alongside CVE-2025-13223, Google also patched CVE-2025-13224, identified using the company’s AI-powered fuzzing tools. Google confirmed active exploitation of CVE-2025-13223 but withheld detailed technical information to prevent further attacks until most users had applied the update.
Context of Chrome Zero-Day Threats in 2025
CVE-2025-13223 marks the seventh zero-day vulnerability in Chrome this year, following notable flaws such as CVE-2025-10585 and CVE-2025-6558 (September–July), CVE-2025-4664 (May), and CVE-2025-5419 (June), all actively exploited. Earlier in March, Google patched CVE-2025-2783, a severe sandbox escape exploited in surveillance campaigns targeting media and Russian state agencies. This year has highlighted a persistent zero-day threat environment, demonstrating the ongoing risk to browser users from sophisticated spyware and nation-state attacks.
User Guidance
Google advises all Chrome users, particularly those at higher risk of targeted attacks, to update to the latest version immediately. Regular updates remain the most effective defense against active exploits and emerging vulnerabilities.
About Google Threat Analysis Group (TAG)
TAG is dedicated to monitoring and mitigating sophisticated threats, including state-sponsored attacks, to protect users globally. Their work, supported by advanced AI tools, enables timely detection and mitigation of zero-day vulnerabilities before they become widespread threats.
 Source: Bleepingcomputer
