Google Issues Emergency Patch for Chrome Zero-Day Actively Exploited in Attacks

479/68 Thursday, November 20, 2025

Google has released an emergency security update to patch a Zero-Day vulnerability in Chrome that has been actively exploited. The flaw, tracked as CVE-2025-13223, is rated High Severity and stems from a Type Confusion bug in the V8 JavaScript engine. The issue was discovered by Clement Lecigne of Google’s Threat Analysis Group (TAG), which frequently uncovers vulnerabilities used in spyware campaigns targeting high-risk individuals such as journalists, activists, and opposition politicians.

The update covers versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux. Users can update immediately by navigating to Help > About Google Chrome, then restarting the browser to apply the patch. Google is withholding technical details of the vulnerability until most users have updated, in order to reduce the risk of further exploitation.
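The fixed builds listed above can be checked across a software inventory. This is an added example, not code from the article or from Google. It assumes any build at or above the listed number for a platform carries the fix; the hostnames, sample versions, and function names are constructed for illustration.

```python
import re

# Minimum fixed builds for CVE-2025-13223, taken from the article text.
FIXED = {
    "windows": (142, 0, 7444, 175),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def status(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # never treat unparseable data as patched
    # Tuple comparison is numeric per component: .99 < .175, unlike strings.
    return "patched" if found >= fixed else "vulnerable"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 142.0.7444.175"),
    ("ws-02", "Windows", "142.0.7444.99"),
    ("mac-01", "macOS", "Google Chrome 142.0.7444.175"),
    ("lin-01", "Linux", "Google Chrome 142.0.7444.175"),
    ("lin-02", "Linux", "Google Chrome 141.0.7390.122"),
    ("kiosk-01", "ChromeOS", "142.0.7444.176"),
]


def report(rows):
    """Map each host to its status."""
    return {host: status(plat, ver) for host, plat, ver in rows}


if __name__ == "__main__":
    for host, result in report(INVENTORY).items():
        print(f"{host:10} {result}")
```

Note that the same build number, 142.0.7444.175, counts as patched on Windows and Linux but not on macOS, where the article lists .176 as the fixed build.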

This marks the seventh Chrome Zero-Day exploited in the wild in 2025. Earlier this year, Google issued patches in March, May, June, July, and September, several of which were discovered by TAG and some used in state-linked cyber operations. In 2024 alone, Google patched more than 10 exploited Zero-Days affecting Chrome, used both in Pwn2Own competitions and real-world attacks. These incidents highlight that Chrome continues to be a prime target for threat actors worldwide.

Source https://www.bleepingcomputer.com/news/security/google-fixes-new-chrome-zero-day-flaw-exploited-in-attacks/