Google Patches Actively Exploited Chrome Zero-Day in V8 Engine

Google Patches Actively Exploited Chrome Zero-Day in V8 Engine

November 23, 2025 – Google has released an emergency Chrome update to fix CVE-2025-13223, a critical type confusion vulnerability in the V8 JavaScript engine that is already being exploited in the wild. This is the seventh zero-day patched in Chrome in 2025.

Key Details

CVE-2025-13223 (CVSS 8.8): Actively exploited heap corruption flaw in V8 Discovered and reported by Google’s Threat Analysis Group

CVE-2025-13224 (CVSS 8.8): Second V8 type confusion bug, found using Google’s AI fuzzer “Big Sleep” (not yet exploited)

Affected Versions & Fixed Version

All Chrome versions before 142.0.7444.175/.176 (Windows, macOS, Linux) are vulnerable.

Action Required

Update Chrome immediately: → Menu → Help → About Google Chrome The browser will auto-download and apply the patch on relaunch.

Users of Edge, Brave, Opera, and other Chromium-based browsers should update as soon as their vendors release fixes.

This marks the third V8 zero-day exploited in 2025, highlighting the engine as a prime target for attackers. Treat this update as urgent.