Type Confusion in V8 JavaScript Engine Affects Google Chrome
CVE-2025-13226

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-13226?

A type confusion vulnerability exists in the V8 JavaScript engine used by Google Chrome, which can potentially lead to heap corruption when attackers craft malicious HTML pages. If successfully exploited, this vulnerability could allow for remote execution of arbitrary code, impacting the security and integrity of the affected systems.

Affected Version(s)

Chrome 142.0.7444.59

References

https://chromereleases.googleblog.com/2025/10/stable-chan...

https://issues.chromium.org/issues/446113732

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Nov 15, 2025

JSON