CVE-2025-13223 is a high-severity (8.8) type confusion vulnerability in Google Chrome's V8 engine being exploited in the wild. Update to 142.0.7444.175.

| Product | Version Start | Version End (excl.) | Status |
|---|---|---|---|
| chrome | * | 142.0.7444.175 | vulnerable |
| macos | - | - | unaffected |
| linux_kernel | - | - | unaffected |
| windows | - | - | unaffected |

Immediately apply the security updates provided by Google for the Chrome browser across all platforms, including Windows, macOS, and Linux, to address the V8 engine flaw.
Ensure all Chrome installations are updated to version 142.0.7444.175 or later. Verify that Chromium-based browsers like Microsoft Edge or Brave are also updated to their respective patched versions.
Implement robust web filtering and URL categorization to block access to known malicious or untrusted domains that may host the crafted HTML pages required for this attack vector.
Use endpoint detection and response (EDR) tools to monitor for unusual child processes spawned by browser processes, or for frequent, unexplained renderer crashes, which may indicate heap corruption attempts.
Security teams should monitor for unusual process behavior originating from chrome.exe or equivalent binaries, such as the execution of shell commands or unexpected outbound network connections. Organizations should audit their environment for any Chrome instances below version 142.0.7444.175. Additionally, look for log entries indicating frequent renderer process crashes, which can be a precursor to or a result of successful heap corruption and type confusion exploitation.
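
The version audit described above can be scripted. The following is an added example, not part of the original advisory: it compares each four-part version numerically against 142.0.7444.175, because a plain string comparison would rank 142.0.7444.99 above the fixed build. The inventory format, host names and all sample versions are constructed for illustration.

```python
import csv
import io

FIXED = (142, 0, 7444, 175)  # fixed Chrome version stated in the advisory

# Constructed sample inventory (hypothetical hosts, columns and versions).
SAMPLE_INVENTORY = """host,product,version
ws-001,chrome,142.0.7444.175
ws-002,chrome,142.0.7444.99
ws-003,chrome,141.0.7390.123
ws-004,msedge,142.0.3595.80
ws-005,chrome,unknown
ws-006,chrome,143.0.7499.40
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Classify one inventory row against the advisory's fixed version."""
    if product.strip().lower() != "chrome":
        # The advisory gives no fixed versions for other Chromium browsers,
        # so these rows are routed to a manual check of the vendor's notes.
        return "check-vendor"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # unparseable version: needs follow-up, not a pass
    # Tuple comparison is numeric per component: (..., 99) < (..., 175).
    return "vulnerable" if parsed < FIXED else "patched"

def audit(inventory_csv):
    """Map host -> status for every row of a host,product,version CSV."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Rows reported as `unknown` or `check-vendor` should be treated as open items rather than as patched.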