Chrome Zero-Day Vulnerability CVE-2025-13223 Exploited in the Wild
Google has released an emergency security update to address CVE-2025-13223, a critical zero-day vulnerability in the V8 JavaScript engine used by Chrome and Chromium-based browsers. This type confusion flaw, discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG), allows attackers to achieve heap corruption and potentially execute arbitrary code simply by luring users to maliciously crafted websites. The vulnerability has been actively exploited in the wild, with Google confirming that threat actors are weaponizing it to bypass browser sandbox protections, steal credentials, escalate privileges, and deploy malware.
The fix is included in Chrome version 142.0.7444.175/.176 for Windows, Mac, and Linux, and users are strongly urged to update and restart their browsers immediately to mitigate risk. Other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are also rolling out patches. The involvement of Google TAG suggests possible links to advanced persistent threats, highlighting the urgency for both individuals and enterprises to apply updates and monitor for suspicious activity.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
CISA adds CVE-2025-13223 to the KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency added the Google Chromium V8 flaw CVE-2025-13223 to its Known Exploited Vulnerabilities catalog. This formalized the vulnerability's status as actively exploited and elevated remediation urgency for affected organizations.
Public advisories warn CVE-2025-13223 can enable code execution
Security coverage and advisories on the day of release described CVE-2025-13223 as a V8 type confusion bug that can be triggered via crafted HTML pages, causing heap corruption, crashes, and arbitrary code execution. Reports also noted it was the seventh Chrome zero-day patched by Google in 2025.
Google releases emergency Chrome update for CVE-2025-13223 and CVE-2025-13224
Google issued emergency Chrome updates on Windows, macOS, and Linux to patch CVE-2025-13223, which was under active exploitation, and CVE-2025-13224. The fixes were released in Chrome version 142.0.7444.175/.176, with other Chromium-based browsers expected to follow and Vivaldi already patched.
Google TAG discovers exploited Chrome flaw CVE-2025-13223
Google credited Threat Analysis Group researcher Clément Lecigne with discovering CVE-2025-13223, a high-severity type confusion vulnerability in Chrome's V8 JavaScript and WebAssembly engine. Reporting indicates the flaw was already being exploited in the wild at the time of discovery.
Google's Big Sleep identifies related V8 flaw CVE-2025-13224
Google's AI-based bug hunting system Big Sleep discovered CVE-2025-13224, another high-severity V8 type confusion vulnerability. Unlike CVE-2025-13223, no in-the-wild exploitation had been reported for this bug at the time of disclosure.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
12 references tracked. Mallory keeps watching after this page renders.
Update Chrome ASAP - attackers are already exploiting this nasty zero-day flaw
zdnet.com
Open sourceGoogle Issues Emergency Update for 2B Chrome Users
techrepublic.com
Open sourceGoogle addresses Chrome zero-day leveraged in attacks
scworld.com
Open sourceU.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
securityaffairs.com
Open sourceGoogle Chrome security advisory (AV25-766)
cyber.gc.ca
Open sourceGoogle fixes new Chrome zero-day flaw exploited in attacks
bleepingcomputer.com
Open sourceMore work for admins as Google patches latest zero-day Chrome vulnerability
csoonline.com
Open sourceBreaking Down CVE-2025-13223: The Latest Chrome Zero-Day Threat
thecyberthrone.in
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Active Exploitation of Undisclosed Chrome Zero-Day Vulnerability
Google has released urgent security updates for the Chrome browser to address a high-severity vulnerability that is being actively exploited in the wild. The flaw, tracked internally as issue 466192044, remains undisclosed in terms of its technical details, affected component, and CVE identifier, as Google is withholding this information to protect users while patches are deployed. Alongside this critical issue, two other medium-severity vulnerabilities—CVE-2025-14372 (use-after-free in Password Manager) and CVE-2025-14373 (inappropriate implementation in Toolbar)—were also fixed. Users of Chrome and other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are strongly advised to update to the latest versions to mitigate risk. Security researchers have identified that the actively exploited vulnerability involves type confusion issues in Chrome’s V8 JavaScript engine, which can allow attackers to manipulate memory and potentially execute arbitrary code simply by luring users to malicious or compromised websites. With Chrome’s vast user base, the exposure is significant, and attackers are known to exploit such flaws before most users have updated. Google and security experts emphasize the importance of promptly applying browser updates and restarting Chrome to ensure protection against these in-the-wild attacks.
Mar 21, 2026
Google Patches Two Actively Exploited Chrome Zero-Days
Google released an urgent **Chrome stable channel** update to address two **high-severity zero-day vulnerabilities** that the company says are being **actively exploited in the wild**. The patched versions are `146.0.7680.75/76` for **Windows and macOS** and `146.0.7680.75` for **Linux**, with rollout occurring over days to weeks. The flaws were reported internally by Google on March 10, and Google said access to additional bug details may remain restricted until most users have updated. The two vulnerabilities are **CVE-2026-3909**, an **out-of-bounds write in Skia**, and **CVE-2026-3910**, an **inappropriate implementation in V8**. Both components are high-value targets because they sit in Chrome’s rendering and JavaScript execution paths, creating opportunities for malicious webpages to trigger memory corruption or unsafe browser behavior that could lead to **arbitrary code execution**. The update is a substantive security release rather than routine product news because Google explicitly confirmed that exploits exist for both issues, making rapid patching a priority for enterprises and end users.
Mar 21, 2026
Google Chrome Zero-Day CVE-2026-2441 Exploited in the Wild
Google released an urgent *Chrome for Desktop* Stable Channel update to address **CVE-2026-2441**, a high-severity zero-day that Google said has an exploit **active in the wild**. The issue is a **use-after-free in Chrome’s CSS component**, a memory-corruption flaw that can enable code execution in the browser context when a user visits a malicious or compromised webpage; the vulnerability was reported to Google by researcher **Shaheen Fazim**. The Canadian Centre for Cyber Security echoed the need to patch Chrome, advising organizations to update beyond affected Stable Channel versions (Windows/Mac prior to `145.0.7632.68` and Linux prior to `144.0.7559.67`), while third-party reporting indicated patched Stable builds rolling out to `145.0.7632.75/.76` (Windows/Mac) and `144.0.7559.75` (Linux). Other Canadian Centre advisories published in the same period covered unrelated vendor patches for **Tenable Nessus Agent** (CVE-2026-2026), **Juniper Secure Analytics (JSA)**, **HPE SimpliVity** (Intel firmware advisories), and **PostgreSQL** point releases; these are separate remediation items and not part of the Chrome zero-day event.
Mar 21, 2026