Google Chrome bug exploited as an 0-day - patch now
Briefly

"The vulnerability, tracked as CVE-2025-13223, is a type confusion flaw in the V8 JavaScript engine, and it's the seventh Chrome zero-day this year. All have since been patched. But if you use Chrome as your web browser, make sure you are running the most recent version - or risk full system compromise. This type of vulnerability happens when the engine misinterprets a block of memory as one type of object and treats it as something it's not."
"'Google is aware that an exploit for CVE-2025-13223 exists in the wild,' the Monday security alert warned. Also on Monday, Google issued a second emergency patch for another high-severity type confusion bug in Chrome's V8 engine. This one is tracked as CVE-2025-13224. As of now, there are no reports of exploitation - so that's another reason to update sooner rather than later."
"Google's LLM-based bug hunting tool Big Sleep found CVE-2025-13224 in October, and a human - the Chocolate Factory's own Clément Lecigne - discovered CVE-2025-13223 on November 12. Lecigne is a spyware hunter with Google's Threat Analysis Group (TAG) credited with finding and disclosing several of these types of Chrome zero-days. While we don't have any details about who is exploiting CVE-2025-13223 and what they are doing with the access, TAG tracks spyware and nation-state attackers abusing zero days for espionage expeditions."
Google pushed emergency patches for two high-severity type confusion vulnerabilities in the V8 JavaScript engine, tracked as CVE-2025-13223 and CVE-2025-13224. CVE-2025-13223 is confirmed exploited in the wild and can cause crashes, arbitrary code execution, or full system compromise if chained with other bugs. CVE-2025-13224 was found by the LLM tool Big Sleep and has no reported exploitation so far. CVE-2025-13223 was discovered by Clément Lecigne of Google's Threat Analysis Group, which monitors spyware and nation-state abuse of zero-days. Seven Chrome zero-days have been patched this year; updating Chrome is critical.
Read at Theregister