Type Confusion Vulnerability in Google Chrome
CVE-2025-13223

8.8 HIGH

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 17 November 2025

Badges

📈 Trended | 📈 Score: 1,920 | 👾 Exploit Exists | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-13223?

CVE-2025-13223 is a type confusion vulnerability found in the V8 JavaScript engine used by Google Chrome. This problem arises from improper handling of data types, which can lead to heap corruption when a remote attacker crafts a malicious HTML page. The impact of this vulnerability can be severe for organizations utilizing Google Chrome, as it opens the door to potential remote exploitation. If successfully executed, attackers could manipulate the browser's behavior, leading to unauthorized code execution, data breaches, or the compromise of user systems. The flaw specifically affects versions of Google Chrome prior to 142.0.7444.175, making it critical for users to apply security updates to protect their systems.

Potential impact of CVE-2025-13223

  1. Remote Code Execution: Attackers can exploit this vulnerability to execute arbitrary code on the victim's device, leading to unauthorized actions and potential further compromise of the system.

  2. Data Breaches: The exploitation of this vulnerability could allow attackers to gain access to sensitive information stored on affected devices, increasing the risk of data theft and leaks.

  3. System Integrity Compromise: With the ability to manipulate the browser and execute malicious payloads, attackers might alter system processes or install additional malware, undermining the overall security posture of the affected organization.

CISA has reported CVE-2025-13223

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-13223 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome: versions from 0 up to, but not including, 142.0.7444.175

News Articles

Google releases urgent update for Chrome: Why you should update your browser right now - The Times of India

Tech News News: Google has released a critical security update for its Chrome browser. Hackers are actively exploiting a vulnerability, putting users at risk. This fl

2 weeks ago

Chrome, Oracle vulnerabilities added to Known Exploited Vulnerabilities Catalog

Type confusion bug in Chrome and a critical severity issue in Oracle Fusion Middleware’s Identity Manager component are in hackers’ crosshairs.

3 weeks ago

Week in review: Stealth-patched FortiWeb vulnerability under active exploitation, Logitech data breach - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The tech that turns supply chains from brittle to

3 weeks ago

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 🦅 CISA Reported

  • 👾 Exploit known to exist

  • 📰 First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved
