Chrome 142 Update Patches Exploited Zero-Day

The flaw was reported by Google’s Threat Analysis Group and was likely exploited by a commercial spyware vendor.

Google on Monday rolled out an emergency Chrome 142 update to address a vulnerability exploited in the wild as a zero-day.

Tracked as CVE-2025-13223 (CVSS score of 8.8), the exploited high-severity flaw is described as a type confusion issue in the V8 JavaScript and WebAssembly engine.

Memory safety bugs that could trigger unexpected software behavior, type confusion vulnerabilities could lead to crashes, remote code execution, and other types of malicious operations.

Type confusion defects in the V8 engine can typically be exploited via crafted HTML pages for remote read/write operations.

“Google is aware that an exploit for CVE-2025-13223 exists in the wild,” the internet giant notes in its advisory, without providing details on the bug or its exploitation.

However, the company says the vulnerability was reported by Clément Lecigne ...