Google has issued an urgent security update to address the seventh zero-day vulnerability in Chrome exploited in attacks this year. The vulnerability, CVE-2025-13223, is a high-severity type confusion flaw in Chrome’s V8 JavaScript engine, identified by Google’s Threat Analysis Group. This group often detects zero-day exploits used by government-backed threat actors in spyware campaigns against high-risk targets like journalists and dissidents. The flaw has been patched in versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux. Although Chrome updates automatically, users can manually check for updates and install the latest version. Google has acknowledged the active exploitation of this vulnerability but has not yet disclosed further details. Restrictions on bug details will remain until most users have updated, or if the bug affects third-party libraries still vulnerable. This patch follows a series of fixes throughout the year for other zero-day vulnerabilities, including those addressed in March, May, June, July, and September.
Has Google fixed another Chrome zero-day vulnerability?
