Google has released a critical update for its Chrome browser to fix a zero-day vulnerability that is currently being actively exploited. Users are urged to update immediately to protect against sophisticated attacks. The update, available in Chrome Stable version 142.0.7444.175 for Windows and Linux, and 142.0.7444.176 for Mac, addresses two high-severity type confusion bugs in the V8 JavaScript engine. The most concerning of these is CVE-2025-13223, reported on November 12, 2025, which allows remote attackers to execute arbitrary code on victims’ systems without user interaction. Type confusion vulnerabilities occur when the V8 engine misinterprets data types, leading to memory corruption and potential bypass of Chrome’s sandbox protections. The second vulnerability, CVE-2025-13224, was identified on October 9, 2025, by Google’s internal Big Sleep fuzzing tool, showcasing the company’s proactive defense measures. The involvement of Google’s Threat Analysis Group suggests possible connections to advanced persistent threats, often linked to state-sponsored espionage or supply chain attacks. With over 65% of global browsers running Chrome, timely updates are crucial. Users are advised to enable automatic updates and exercise caution with suspicious links.
Is a Chrome zero-day vulnerability being actively exploited?
