Google Issues Emergency Update for 2 Billion Chrome Users

2025-11-20

If your Chrome browser hasn't been updated yet, you could be at risk from an actively exploited zero-day vulnerability that Google has just urgently patched.

Google is urging its 2 billion users to update immediately after confirming that the newly discovered zero-day, CVE-2025-13223, is already being exploited in real-world attacks. Cybersecurity authorities emphasize that this update isn't just a routine software patch—it's a critical security priority.

The vulnerability, tied to Chrome’s V8 JavaScript engine, has triggered a rapid cross-platform patching cycle, with both Google and national cybersecurity agencies strongly advising users to act swiftly.

Critical Vulnerability Confirmed

Google has verified active exploitation of the flaw, prompting emergency updates across major operating systems. According to Forbes, the vulnerability is classified as high severity, with ongoing exploitation attempts already detected.

The U.S. National Institute of Standards and Technology (NIST) states: “In Google Chrome versions prior to 142.0.7444.175, a type confusion issue in V8 allows remote attackers to potentially exploit heap corruption via a specially crafted HTML page.” The flaw received a high severity rating due to its potential to cause memory corruption through malicious web content.

Following standard security protocols, Google is withholding technical specifics until most users are protected. “Details about the vulnerability and related links may remain restricted until the majority of users are updated,” Google said. “We will also maintain these restrictions if the flaw affects third-party libraries that rely on the same code but haven’t yet been patched.”

Google’s Chrome release notes confirm that the stable channel update released on November 17, 2025, includes two security fixes: CVE-2025-13223 and CVE-2025-13224—both involving type confusion issues in the V8 engine. Google noted that patches will roll out over the coming days and acknowledged contributions from both internal teams and external researchers who helped identify these vulnerabilities.

Updates are now available for Windows, macOS, and Linux. While Chrome patches typically take days or weeks to fully deploy, users are strongly encouraged to install this emergency fix as soon as it becomes available on their systems.

Deployment and Update Instructions

Google has rolled out patched versions for Windows, macOS, Linux, and Android. Users can check for updates by navigating to Chrome’s menu, selecting Help → About Google Chrome, and restarting the browser once the patch is downloaded. Google also reminded users that while Chrome automatically downloads updates, the fixes only take effect after the browser is closed and relaunched.

The Cyber Security Agency of Singapore recommends that organizations verify their Chrome versions and enable automatic updates within the browser to ensure timely protection. Additionally, Hot Hardware advises reviewing other Chromium-based browsers—such as Microsoft Edge, Brave Browser, and Opera—as they often receive parallel updates based on the same underlying codebase.
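The version check and the relaunch caveat above can be combined into one fleet audit. The following Python is an added example, not code from Google or the agencies quoted; it assumes an inventory that records both the on-disk version and the running process version for each host, and the hostnames and sample versions are constructed.

```python
import re

# Fixed build quoted in the NIST description on this page.
PATCHED = (142, 0, 7444, 175)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from e.g. 'Google Chrome 142.0.7444.175'."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(installed, running=None):
    """Classify a host. `running` is None when no browser process is live."""
    inst = parse_version(installed)
    if inst is None:
        return "unknown"
    # Compare as integer tuples: as strings, "…7444.99" sorts above "…7444.175".
    if inst < PATCHED:
        return "vulnerable"
    run = parse_version(running) if running else None
    if running and run is None:
        return "unknown"
    if run is not None and run < PATCHED:
        # Update is on disk, but the old process is still the one in use.
        return "restart-required"
    return "patched"


# Constructed sample inventory: (host, on-disk version, running version).
INVENTORY = [
    ("ws-01", "Google Chrome 142.0.7444.175", "142.0.7444.175"),
    ("ws-02", "Google Chrome 142.0.7444.175", "142.0.7444.162"),
    ("ws-03", "Google Chrome 142.0.7444.99", None),
    ("ws-04", "Google Chrome 143.0.7499.40", None),
    ("ws-05", "not installed", None),
]


def audit(inventory):
    return {host: classify(inst, run) for host, inst, run in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as restart-required have downloaded the fix but remain exposed until Chrome is closed and relaunched.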