
Actively exploited Google Chrome V8 type confusion flaw (CVE-2025-13223)

Vulnerability
H score 50
2 unique sources, 2 articles

Summary

Google released Chrome security updates for CVE-2025-13223, a V8 type confusion flaw that was actively exploited in the wild and could lead to arbitrary code execution or crashes. The bug affects Chrome users on desktop platforms and can be triggered through a crafted HTML page. Google’s latest build guidance directs users to install 142.0.7444.175/.176 or the platform-specific equivalent.

Related Happenings

ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds

Technical Analysis
H score 16 · First: 04.06.2026 16:00 · Last: 04.06.2026 16:00 · Sources: 1

About this happening: Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...

Chromium JavaScript background RCE flaw

Vulnerability
H score 16 · First: 21.05.2026 21:13 · Last: 21.05.2026 21:13 · Sources: 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

108 Malicious Google Chrome extensions sharing a C2 backend

Malware Activity
H score 41 · First: 14.04.2026 11:35 · Last: 14.04.2026 11:35 · Sources: 1

About this happening: **108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...

Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft

Security Tool/Service
H score 10 · First: 09.04.2026 21:33 · Last: 09.04.2026 21:33 · Sources: 1

About this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...

QuickLens and ShotBird malicious Chrome extension update chain

Malware Activity
H score 22 · First: 09.03.2026 12:28 · Last: 09.03.2026 12:28 · Sources: 1

About this happening: The **QuickLens** and **ShotBird** Chrome extensions have become **malicious after ownership transfer**, turning trusted add-ons into a delivery path for code injection and data t...

Timeline

  1. 18.11.2025 06:44 1 article · 6mo ago

    Google TAG reports CVE-2025-13223 in Chrome V8

    Technical Analysis Update

    Clément Lecigne of Google's Threat Analysis Group (TAG) discovered and reported CVE-2025-13223 on November 12, 2025. The flaw is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine used by Google Chrome, and it could enable heap corruption, arbitrary code execution, or program crashes.

  2. 18.11.2025 06:44 2 articles · 6mo ago

    Google releases Chrome fixes for CVE-2025-13223 and CVE-2025-13224

    Mitigation Patch Update

    Google released Chrome security updates to fix CVE-2025-13223, a V8 type confusion flaw acknowledged as actively exploited in the wild, and CVE-2025-13224, another V8 type confusion vulnerability flagged by Big Sleep. Users were advised to move to 142.0.7444.175/.176 on Windows, 142.0.7444.176 on macOS, or 142.0.7444.175 on Linux, and to relaunch Chrome after installing the update.
