Google releases emergency Chrome update to patch actively exploited vulnerability

Google has released an emergency security update for its Chrome browser on November 17, 2025, patching two vulnerabilities in the V8 JavaScript engine, including one zero-day flaw that is being actively exploited in the wild. 

Vulnerabilities summary:

• CVE-2025-13223 (CVSS score 8.8) - Type Confusion in V8, reported by Clément Lecigne of Google's Threat Analysis Group on November 12, 2025, confirmed to be actively exploited in the wild
• CVE-2025-13224 (CVSS score 8.8) - Type Confusion in V8, reported by Google Big Sleep AI agent on October 9, 2025, no active exploitation confirmed.

Type Confusion vulnerabilities occur when the V8 engine incorrectly interprets data types, creating opportunities for memory corruption that attackers can use to bypass Chrome's security protections. 

The update is released as versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux, which will roll out to users over the coming days and weeks. 

Google has confirmed active exploitation of one vulnerability. Google has restricted detailed technical information until the majority of users have updated their browsers. 

Google's Threat Analysis Group discovered the actively exploited CVE-2025-13223, which strongly suggests the vulnerability may be exploited by government-sponsored threat groups or commercial spyware vendors in targeted campaigns. 

Users should update immediately and verify they are running the latest version by navigating to Chrome menu > Help > About Google Chrome, allowing the update to complete, and clicking the "Relaunch" button to install it. Users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as soon as they become available from their respective vendors.