Summary : Security advisory: Google has released an urgent security update to patch two high-severity Type Confusion vulnerabilities in the V8 JavaScript engine. The CVEs vulnerabilities are CVE-2025-13223, CVE-2025-13224 .

OEM	Google
Severity	High
CVSS Score	8.8
CVEs	CVE-2025-13223, CVE-2025-13224
POC Available	No
Actively Exploited	Yes
Exploited in Wild	Yes
Advisory Version	1.0

Overview 

One of these vulnerability (CVE-2025-13223) is already being actively exploited in the wild, allowing attackers to potentially execute arbitrary code through malicious web content. which attackers can bypass Chrome’s sandbox, steal sensitive data, or deploy malware. The fixes have been rolled out for Chrome Stable 142.0.7444.175/.176 across Windows, Mac, and Linux. 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
​Type Confusion Vulnerability in V8 JavaScript Engine	CVE-2025-13223	Google Chrome	High	v142.0.7444.175 / v142.0.7444.176
Type Confusion Vulnerability in V8 JavaScript Engine	CVE-2025-13224	Google Chrome	High	v142.0.7444.175 / v142.0.7444.176

Technical Summary 

Both vulnerabilities occur from Type Confusion vulnerabilities in Chrome’s V8 engine, where incorrect data-type handling leads to memory corruption and possible code execution. The CVE-2025-13223 is already being exploited in the wild and may involve APT-driven activity.

Another vulnerability was found internally through Google’s Big Sleep fuzzing system as part of ongoing proactive defense.

These weaknesses can allow attackers to bypass browser security boundaries and execute malicious actions remotely. Urgent need for users and administrators to apply Chrome’s latest security updates immediately. 

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-13223	Google Chrome (V8 Engine)	Type confusion due to improper type handling in V8 allowing memory corruption.	Remote Code Execution, Sandbox Escape
CVE-2025-13224	Google Chrome (V8 Engine)	Type confusion triggered during script execution, discovered via fuzzing	Remote Code Execution, Browser Crash

Remediation: 

• Immediate Action: Users and organization administrators should update Chrome immediately to the following patched versions: 

• Windows: 142.0.7444.175 / 142.0.7444.176 

• MacOS: 142.0.7444.176 

• Linux: 142.0.7444.175 

Here are some recommendations below 

• Enforce Chrome auto-updates on all endpoints via enterprise policies. 

• Monitor browser crash logs and unusual behaviors tied to JavaScript execution. 

• Run updated vulnerability & patch management tools to ensure full endpoint compliance. 

• Educate users to avoid suspicious links and unknown websites during active exploitation events 

Conclusion: 
With Chrome being the most widely used browser globally, prompt updates are essential for the new security vulnerabilities. Maintaining browsers at the latest versions remains the strongest defenses against modern web-based attacks in modern cyber world. 

References: 

• https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html?m=1 

• https://cybersecuritynews.com/chrome-type-confusion-zero-day/