Particle.news

CISA Orders Chrome Zero-Day Fix as Google Rushes V8 Patch

Federal agencies face a December 10 deadline after Google confirmed active exploitation of CVE-2025-13223.

Overview

  • Google released emergency Chrome updates that patch CVE-2025-13223, a high‑severity V8 type confusion flaw allowing heap corruption and potential code execution via a crafted HTML page.
  • The fixed versions are 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux, and users must restart the browser to apply the protections.
  • CISA added CVE-2025-13223 to its Known Exploited Vulnerabilities catalog, requiring U.S. federal agencies to remediate by December 10, 2025.
  • Google also patched CVE-2025-13224, another V8 type confusion bug flagged by its Big Sleep AI system, alongside the zero‑day reported by TAG researcher Clément Lecigne.
  • Google has not disclosed attacker identity, targets, or scale of exploitation; this marks the seventh Chrome zero‑day fixed in 2025, and Chromium‑based browsers will need corresponding updates.
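
The fixed builds and the restart requirement above can be checked together across a fleet. The following is an added example, not code from Google, CISA or this page: the inventory records, their field names (`os`, `installed`, `running`), the hostnames and the older build numbers are all constructed for illustration.

```python
import re

# Fixed builds per platform, taken from the bulletin above.
FIXED = {
    "windows": (142, 0, 7444, 175),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}
VERSION_RE = re.compile(r"\d+(?:\.\d+){3}", re.ASCII)

def parse_version(text):
    """Return a four-part Chrome version as a tuple of ints, or None."""
    text = (text or "").strip()
    if not VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(record):
    """Return 'patched', 'restart-pending', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(str(record.get("os", "")).lower())
    installed = parse_version(record.get("installed"))
    if fixed is None or installed is None:
        return "unknown"
    if installed < fixed:
        return "vulnerable"
    running_raw = record.get("running")
    if running_raw:  # empty or missing means no browser process was seen
        running = parse_version(running_raw)
        if running is None:
            return "unknown"
        if running < fixed:
            # The update is on disk, but the live process predates it.
            return "restart-pending"
    return "patched"

# Constructed inventory: hostnames and the older build numbers are made up.
INVENTORY = [
    {"host": "ws-01", "os": "Windows", "installed": "142.0.7444.176", "running": "142.0.7444.176"},
    {"host": "ws-02", "os": "Windows", "installed": "142.0.7444.175", "running": "142.0.7444.59"},
    {"host": "mac-01", "os": "macOS", "installed": "142.0.7444.175", "running": ""},
    {"host": "lnx-01", "os": "Linux", "installed": "142.0.7444.175", "running": ""},
    {"host": "lnx-02", "os": "Linux", "installed": "142.0.7444", "running": ""},
]

def triage(inventory):
    """Map each host to its remediation status."""
    return {record["host"]: classify(record) for record in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A host reported as `restart-pending` has the fixed build installed but is still running a browser process started before the update, so it should not be counted as remediated.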