Google has rolled out security updates for its Chrome browser to fix two vulnerabilities, one of which is currently being exploited. The critical flaw, identified as CVE-2025-13223 with a CVSS score of 8.8, involves a type confusion issue in the V8 JavaScript and WebAssembly engine. This flaw could allow attackers to execute arbitrary code or cause program crashes through a specially crafted HTML page. Discovered by ClĂ©ment Lecigne from Google’s Threat Analysis Group, the vulnerability has been actively exploited, although Google has not disclosed specifics about the attackers or targets.
This update marks the seventh zero-day flaw addressed by Google in Chrome this year, with previous vulnerabilities including CVE-2025-2783, CVE-2025-4664, and others. CVE-2025-13223 is notably the third type confusion bug in V8 to be exploited this year. Additionally, Google has patched another type confusion vulnerability, CVE-2025-13224, identified by its AI agent Big Sleep.
Users are urged to update their Chrome browsers to the latest versions: 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux. Updates can be applied by navigating to More > Help > About Google Chrome and selecting Relaunch. Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as they become available.
