Google has pushed out an urgent security update to fix a new Chrome zero-day vulnerability that hackers have already been exploiting.
The company confirmed that attackers were using the flaw, tracked as CVE-2025-13223, before the patch was released.
The issue is a high-severity bug caused by a type confusion problem in Chrome’s V8 JavaScript engine. It was discovered last week by Clement Lecigne from Google’s Threat Analysis Group, a team known for uncovering zero-day attacks often linked to government-backed spyware operations targeting journalists, political opponents, and activists.
To protect users, Google released Chrome versions 142.0.7444.175 and .176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux. These updates will roll out gradually, but users can install them right away by checking for updates manually. Chrome normally updates on its own, but anyone can confirm they are running a patched version by going to Chrome’s menu, selecting Help, opening About Google Chrome, waiting for the update to finish, and clicking Relaunch.
While Google has acknowledged that the vulnerability is already being used in real-world attacks, the company has not yet shared technical details. It says the information will remain restricted until most users have updated, and that restrictions may also stay in place if the flawed component is used by other software that has not yet been patched.
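For administrators who need to verify the fixed versions listed above across many machines, here is an added example (not from Google or the original article) that checks an inventory of reported Chrome versions against the per-platform fixed builds. The hostnames and installed versions in the sample inventory are constructed, and the script assumes that any build at or above the listed fixed build carries the fix.

```python
import re

# Lowest fixed build per platform, as listed in the article.
FIXED_BUILDS = {
    "windows": (142, 0, 7444, 175),
    "mac": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 142.0.7444.175'. Returns a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def check_host(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        # Unrecognised platform or unparseable version: review by hand.
        return "unknown"
    # Assumption: any build at or above the fixed build carries the fix.
    return "patched" if version >= fixed else "needs_update"


def audit(inventory):
    """Map each hostname to its status."""
    return {host: check_host(platform, ver) for host, platform, ver in inventory}


# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 142.0.7444.175"),
    ("ws-002", "Windows", "142.0.7444.163"),
    ("mbp-01", "Mac", "Google Chrome 142.0.7444.175"),  # below the Mac fixed build
    ("mbp-02", "Mac", "Google Chrome 142.0.7444.176"),
    ("lx-01", "Linux", "Google Chrome 143.0.7499.40"),
    ("lx-02", "Linux", "chromium (version not reported)"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Note that the same build number can be patched on one platform and not on another: 142.0.7444.175 is a fixed build on Windows and Linux but is below the fixed build listed for Mac.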





