- Google patches Chrome zero-day CVE-2025-13223 in V8 engine
- Bug allowed arbitrary code execution, likely exploited by state-sponsored threat actors
- Users should update Chrome to version 142.0.7444.175/.176 on all platforms.
Google has fixed a worrying security flaw in its Chrome browser that was being abused in the wild as a zero-day.
In a new security advisory, Google said it fixed a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that leads to arbitrary code execution. V8 is the browser’s JavaScript and WebAssembly engine; essentially the “brain” that reads, compiles, and executes JavaScript and WASM code on web pages.
The vulnerability is now tracked as CVE-2025-13223 and has a severity score of 8.8/10 (high). “Type Confusion in V8 in Google Chrome before 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” the National Vulnerability Database (NVD) said in its explanation.
Solving the problem
As reported by Hacker NewsThe bug was first discovered by a security researcher from Google’s Threat Analysis Group (TAG), who did not detail the identities of either the attackers or the victims.
However, we know from previous reports that Google’s TAG team typically monitors state-sponsored threat actors, so it’s safe to assume that actors like North Korea, China, Russia, or Iran were taking advantage of this bug. Both Lazarus Group (North Korea) and APT29 (Russia) have been noted to abuse Chrome flaws in the past.
This is the third type of confusion error found in V8 this year. Hacker News added, after CVE-2025-6554 and CVE-2025-10585.
Since, by default, Google updates automatically the next time it is launched, users most likely won’t have to do anything. However, in case automatic updates are disabled, make sure to update the browser to versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Apple macOS, and 142.0.7444.175 for Linux.
To check the version of Chrome you’re running, navigate to More > Help > About Google Chrome and select Restart.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
