Type Confusion in Google Chrome V8
CVE-2025-13223 is a high-severity type confusion vulnerability in V8, the JavaScript and WebAssembly engine used by Google Chrome. In Google Chrome versions prior to 142.0.7444.175, processing a crafted HTML page can trigger type confusion that leads to heap corruption. Multiple sources state that Google confirmed exploitation in the wild and that the issue was reported by Google Threat Analysis Group (TAG).
Exploits
1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos.
This repository provides a proof-of-concept exploit for CVE-2025-13223, a critical type confusion vulnerability in the V8 JavaScript engine of Google Chrome (up to version 141.0.7390.76 on Windows). The exploit is designed to demonstrate heap corruption and arbitrary read/write in the Chrome renderer process by generating a malicious HTML file (payload.html) with JavaScript that manipulates TypedArray objects and prototype chains.
The exploit is executed via a Windows executable (exploit.exe, included in a downloadable ZIP), which prepares the payload and guides the user to load it in a vulnerable Chrome instance. The repository includes a configuration file (config.json) to adjust exploit parameters such as heap spray size and prototype chain depth. The attack vector is browser-based, requiring the victim to visit a crafted page, and is remote-capable but requires user interaction.
The repository is structured with a detailed README.md explaining usage, prerequisites, and mitigation, and a config.json for exploit tuning. No source code for the exploit executable or payload is included in the repository itself, but the documentation is comprehensive and outlines the exploit's operation and intended research use.
Recent activity
130 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Listed as suspected to be exploited by Iran-linked actors in real-world campaigns; no further technical detail is provided.
Chrome V8 type confusion vulnerability enabling arbitrary code execution or crashes; actively exploited in the wild; patched by Google.
Memory corruption zero-day in Chrome V8 described as used in active attacks.
A V8 type confusion vulnerability in Chrome, exploited in espionage operations, allowing attackers to achieve code execution.