Overview
- Google confirmed active exploitation of CVE-2025-13223 and credited Google TAG researcher Clément Lecigne with reporting the flaw on November 12.
- Fixed builds are rolling out as 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux, with users advised to update via About Google Chrome and relaunch.
- CVE-2025-13223 is a high‑severity type confusion bug in the V8 engine that can enable heap corruption or arbitrary code execution via a crafted webpage.
- A second V8 type confusion vulnerability, CVE-2025-13224, was also patched after being flagged by Google’s AI research system Big Sleep.
- Google is restricting technical details until most users are protected, and other Chromium browsers are expected to ship corresponding fixes, with Vivaldi already issuing an update.
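
To check a fleet against the fixed builds listed above, the following added example (not from Google or the original page) classifies installed Chrome versions per platform. It assumes a `host,platform,version` inventory format, that the lower Windows build (.175) is the minimum patched one, and that any later version carries the fix; the hostnames and versions in the sample are constructed.

```python
import csv
import io

# Fixed builds as listed in the overview. Windows is listed as .175/.176;
# this example ASSUMES the lower build is the minimum patched one.
FIXED_BUILDS = {
    "windows": (142, 0, 7444, 175),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}

def parse_version(text):
    """Return a 4-part Chrome version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'needs_update', or 'unknown' for one installation."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparseable record as patched
    # Tuple comparison orders versions numerically, component by component.
    return "patched" if version >= fixed else "needs_update"

def audit(inventory_csv):
    """Map each host in a host,platform,version CSV to its status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["platform"], row["version"]) for row in reader}

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = """host,platform,version
ws-01,windows,142.0.7444.176
ws-02,windows,142.0.7444.162
mac-01,macos,142.0.7444.175
lnx-01,linux,142.0.7444.175
lnx-02,linux,143.0.7000.10
kiosk-01,chromeos,142.0.7444.175
ws-03,windows,142.0.7444
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The build table applies to Google Chrome only; other Chromium-based browsers use their own version numbers and need their vendors' fixed versions.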