"Another day, another zero-day, at least for Google Chrome. In an advisory released Monday, Google warned of a dangerous new security vulnerability affecting its popular browser. Fortunately, the latest update squashes the bug. Here are the details. Rated as a high security flaw, the zero day labeled CVE-2025-13223 is described as: "Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.""
"In its advisory, Google revealed that an exploit for the flaw exists in the wild. That means attackers were aware of the vulnerability and already tried to take advantage of it to prey on potential victims. Zero-day flaws are particularly serious as they represent an open invitation to hackers. They're known as zero days because the vendor doesn't know about them (e.g., knows about them for zero days). As such, no patch exists, allowing attackers to easily exploit them."
Chrome's V8 JavaScript engine contained a high-severity type confusion vulnerability (CVE-2025-13223) in versions prior to 142.0.7444.175 that allowed heap corruption via crafted HTML. The flaw could enable remote attackers to execute malicious code or otherwise compromise the browser through specially designed web pages. An exploit for the vulnerability has been observed in the wild. Zero-day vulnerabilities are dangerous because no vendor patch exists until disclosure, increasing attacker opportunity. Google's Threat Analysis Group discovered the issue on Nov. 12. Updating Chrome to the fixed version mitigates the risk by addressing the V8 type confusion and preventing known exploits.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]