Overview
- The U.S. cyber agency added CVE-2025-13223 to its Known Exploited Vulnerabilities catalog and set a December 10 remediation deadline for federal networks.
- Google issued desktop Chrome updates to 142.0.7444.175/.176 on Windows, 142.0.7444.176 on macOS, and 142.0.7444.175 on Linux, and users must restart to complete the fix.
- CVE-2025-13223 is a high-severity V8 type confusion bug enabling heap corruption and possible code execution via a crafted HTML page, reported November 12 by TAG researcher Clément Lecigne.
- A second V8 type confusion flaw, CVE-2025-13224, was also patched after being discovered by Google’s Big Sleep AI vulnerability-hunting system.
- This is the seventh Chrome zero-day fixed in 2025, and Chromium-based browsers are propagating corresponding patches, with Vivaldi already shipping a fix.
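
As an added example (not part of the original summary and not Google's tooling), the following Python triage checks hosts against the fixed desktop builds listed above. The inventory rows, their field layout, and the status names are assumptions constructed for illustration; the separate "running" version models the restart requirement.

```python
import re

# Lowest fixed desktop Chrome build per OS, taken from the overview above.
FIXED_BUILDS = {
    "windows": (142, 0, 7444, 175),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part version out of text like 'Google Chrome 142.0.7444.175'."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def assess(os_name, installed, running=None):
    """Return 'patched', 'restart-needed', 'outdated' or 'unknown' for one host."""
    fixed = FIXED_BUILDS.get(os_name.lower())
    on_disk = parse_version(installed)
    if fixed is None or on_disk is None:
        return "unknown"
    if on_disk < fixed:
        return "outdated"
    # The update is only effective once the browser restarts, so a process
    # still running an older build stays exposed despite the patched install.
    in_memory = parse_version(running) if running else on_disk
    if in_memory is None:
        return "unknown"
    return "patched" if in_memory >= fixed else "restart-needed"


# Constructed sample inventory: (host, os, installed version, running version).
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 142.0.7444.176", "142.0.7444.176"),
    ("ws-02", "windows", "Google Chrome 142.0.7444.175", "142.0.7444.162"),
    ("mac-01", "macos", "Google Chrome 142.0.7444.175", None),
    ("lin-01", "linux", "Google Chrome 141.0.7390.122", None),
    ("kiosk-01", "chromeos", "not reported", None),
]


def triage(inventory):
    """Map each host to its status."""
    return {host: assess(os_name, inst, run) for host, os_name, inst, run in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

The thresholds apply to Google Chrome only; other Chromium-based browsers use their own version numbers and need their vendors' fixed builds.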