Google Chrome bug exploited as an 0-day - patch now or risk full system compromise

Google pushed an emergency patch on Monday for a high-severity Chrome bug that attackers have already found and exploited in the wild.

The vulnerability, tracked as CVE-2025-13223, is a type confusion flaw in the V8 JavaScript engine, and it's the seventh Chrome zero-day this year. All have since been patched. But if you use Chrome as your web browser, make sure you are running the most recent version - or risk full system compromise.

This type of vulnerability happens when the engine misinterprets a block of memory as one type of object and treats it as something it's not. This can lead to system crashes and arbitrary code execution, and if it's chained with other bugs can potentially lead to a full system compromise via a crafted HTML page.

"Google is aware that an exploit for CVE-2025-13223 exists in the wild," the Monday security alert warned.

Also on ...