Google has released an urgent security update for Chrome after discovering that attackers are already exploiting a new zero-day vulnerability. The flaw, tracked as CVE-2025-13223, is a high-risk type confusion bug inside Chrome’s V8 JavaScript engine. Google confirmed that real-world attacks are underway, which makes this update extremely important for every user.

The fix has been pushed out in Chrome 142.0.7444.175 for Windows and Linux, and 142.0.7444.176 for macOS. If users do not update, attackers can run their own code on the system through a malicious website. This means they can steal data, install malware, or completely compromise the device without any user action.

Type confusion bugs are common in modern browser attacks. They happen when the browser mixes up data types and ends up corrupting memory. Once that happens, attackers can break out of Chrome’s sandbox and directly target the operating system. This particular flaw was reported on November 12, 2025, by Clément Lecigne from Google’s Threat Analysis Group (TAG). TAG usually investigates high-end cyberattacks, often linked to state-sponsored hacking, which shows how serious this case is.

Google has also patched another V8 bug, CVE-2025-13224, which was found earlier by the company’s internal fuzzing system called Big Sleep. Both fixes show how Chrome relies heavily on automated detection tools like AddressSanitizer and libFuzzer. Yet even with these strong defenses, attackers managed to weaponize the flaw within days of discovery.

Chrome continues to be one of the most targeted browsers in the world, mainly because more than 65 percent of users globally rely on it. This makes any zero-day inside Chrome a high-value target for cybercriminals. The speed at which this vulnerability went from reporting to active exploitation suggests that attackers were prepared or waiting for an opportunity.

Users should update immediately by visiting: Settings → Help → About Google Chrome. Chrome will automatically download the latest version.

How Users Can Protect Themselves

A zero-day inside a browser is a reminder that you cannot fully control what is happening on the web, but you can reduce your exposure. You should always keep your Chrome browser up to date. Even a few hours of delay can put your device at risk when active exploitation is involved. Many users turn off auto-updates to “save data,” but this puts them at risk. Let the browser update itself silently in the background.

Most browser exploits still begin with a malicious website or redirect. Avoid unknown links sent through email, social media, or messaging apps.

A VPN does not stop zero-days, but it does make it harder for attackers, advertisers, or compromised networks to track you. A reliable VPN like NordVPN or Surfshark can encrypt your entire connection, especially when you are on public Wi-Fi.

If a browser exploit leads to data theft, you do not want all passwords exposed at once. Password managers like NordPass, 1Password, or Dashlane generate unique passwords for each site. Even if one password leaks, the rest stay safe.

You should also enable Enhanced Safe Browsing. Chrome has this built-in mode that checks dangerous sites in real time. It reduces the chances of landing on a malicious page that tries to trigger browser exploits. Even if Chrome gets exploited, a fully patched operating system can limit what attackers can do.

Affiliate Disclosure:

This article may contain affiliate links. We may earn a commission on purchases made through these links at no extra cost to you.
