Google has urgently released a critical security update for its Chrome browser after discovering a zero-day vulnerability actively exploited in the wild. The emergency patch is included in Chrome Stable version 142.0.7444.175 for Windows and Linux and 142.0.7444.176 for Mac, addressing two high-severity type confusion flaws in Chrome’s V8 JavaScript engine. These vulnerabilities pose a major risk to users because attackers can exploit them remotely without user interaction, making immediate updates essential.

The most serious issue, CVE-2025-13223, was reported on November 12, 2025, by a Researcher, Google confirmed that active exploitation is already underway, meaning threat actors have operational code that abuses the flaw. Type confusion bugs occur when the browser incorrectly handles data types, causing memory corruption that can lead to sandbox escape, data theft, or full system compromise. Researcher’s involvement strongly indicates a likelihood of state-sponsored APT activity.

Alongside this zero-day, Google also patched CVE-2025-13224, another type confusion issue discovered earlier, on October 9, 2025, using Google’s internal Big Sleep fuzzing system. The company credits tools such as AddressSanitizer, libFuzzer, and Big Sleep for proactively identifying weaknesses before attackers can weaponize them. However, the extremely short timeframe between disclosure and real-world exploitation of CVE-2025-13223 less than one week highlights increasingly aggressive threat actor capabilities and raises questions about attribution and targeting.

This incident reinforces Chrome’s continued attractiveness to attackers, as its underlying engine powers over 65% of global browsers. Given the scale of potential impact, users are strongly advised to enable automatic updates, apply the patch immediately, and remain cautious of unexpected or suspicious links. The event also underscores how critical it is for organizations and individuals to prioritize browser security to reduce exposure to high-level cyber threats, including those posed by advanced persistent threat groups.