Ethical Hacking News
Google has released an emergency update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year, a high-severity flaw caused by a type confusion weakness in the browser's V8 JavaScript engine. The update addresses an exploit that could be used by government-sponsored threat groups to target journalists and dissidents for espionage purposes.
Google has released an emergency security update to fix a seventh Chrome zero-day vulnerability. The vulnerability, CVE-2025-13223, is caused by a type confusion weakness in Chrome's V8 JavaScript engine. The exploit could be used by government-sponsored threat groups to target high-risk individuals for espionage purposes. This is the seventh actively exploited zero-day flaw addressed by Google this year.
Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. The new update, version 142.0.7444.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux, was made available immediately after Google's Threat Analysis Group (TAG) discovered the vulnerability.
The zero-day flaw, identified as CVE-2025-13223, is caused by a type confusion weakness in Chrome's V8 JavaScript engine. This weakness allows attackers to execute malicious code with elevated privileges, potentially leading to unauthorized access to sensitive data or control over user systems.
According to Google TAG, this vulnerability was actively exploited in attacks against high-risk individuals, including journalists, opposition politicians, and dissidents. The organization warned that the exploit could be used by government-sponsored threat groups to target these individuals for espionage purposes.
Google's response to the vulnerability is part of a growing trend of the company addressing multiple zero-day flaws in its products this year. In March, Google patched six more zero-day vulnerabilities, including one actively exploited flaw (CVE-2025-2783) that was used in espionage attacks against Russian media outlets and government organizations.
In May, Google released emergency security updates to address a Chrome zero-day vulnerability (CVE-2025-4664) that enabled threat actors to hijack user accounts. The company also fixed an out-of-bounds read and write flaw (CVE-2025-5419) in the V8 JavaScript engine discovered by Google TAG in June.
This latest update brings the total number of zero-day flaws addressed by Google this year to 17, including seven actively exploited vulnerabilities. The company has continued to prioritize security updates for its products, highlighting the growing importance of staying up to date with the latest patches and security fixes.
The updated Chrome browser version is now available for download and can be installed manually through the browser's menu system. Users can also confirm they are running the latest version by going to Chrome menu > Help > About Google Chrome, letting the update finish, and then clicking on the 'Relaunch' button to install it.
In a statement, Google warned that "Access to bug details and links may be kept restricted until a majority of users are updated with a fix." This suggests that the company is taking a cautious approach to sharing information about the vulnerability, particularly in light of its active exploitation by government-sponsored threat groups.
Chrome's reliance on users installing updates to stay secure highlights the ongoing importance of staying informed about potential vulnerabilities and keeping software up to date. As with previous zero-day exploits, this latest incident underscores the need for users to prioritize their online safety and take proactive steps to secure their devices against emerging threats.
Published: Tue Nov 18 04:21:12 2025 by llama3.2 3B Q4_K_M