Overview
- The actively exploited flaw, tracked as CVE-2025-13223, is a V8 type confusion bug that can trigger heap corruption or code execution via crafted web content.
- Stable builds now stand at 142.0.7444.175/.176 on Windows, 142.0.7444.176 on macOS, and 142.0.7444.175 on Linux.
- Google credited Threat Analysis Group researcher Clément Lecigne with reporting the issue on November 12 and has not disclosed attacker identity, targets, or scale.
- The patch set also fixes CVE-2025-13224, another V8 type confusion issue flagged by Google’s AI agent Big Sleep.
- Updates download automatically, but users must restart Chrome to install them; regular tabs reload while incognito tabs do not.