Google has suddenly warned that attacks on Chrome are underway, issuing an emergency update for all desktop users. “Google is aware that an exploit for CVE-2025-13223 exists in the wild,” the company confirmed on Monday.
The vulnerability — a “Type Confusion in V8” — was discovered by Google’s own Threat Analysis Group last week. This fix has been rushed out, highlighting its seriousness.
The update should download automatically, but you will need to restart your browser to ensure it installs and takes effect. Your regular tabs will reload, but your private “incognito” tabs will not. Ensure you have saved any open work.
Per NIST, this “Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.” The vulnerability has been issued a high-severity rating.
As ever, Google also says “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The update brings Chrome’s stable channel up to 142.0.7444.175/.176 for Windows and 142.0.7444.176 for Mac. For Linux it’s 142.0.7444.175. While Google’s boilerplate says “roll out over the coming days/weeks,” you can expect the update today.
While Google Chrome zero days are a regular event, Google takes immense credit for the speed with which fixes are developed and deployed. It goes without saying that all users should update their browsers as soon as they see the restart flag.