Google has released an emergency security update to address a zero-day vulnerability in the Chrome browser.
Tracked as CVE-2025-13223, the flaw stems from a type-confusion issue within Chrome’s V8 JavaScript engine. Google has patched the flaw in Chrome version 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS, and 142.0.7444.175 for Linux.
While Chrome typically updates automatically, users can manually confirm they’re protected by navigating to Menu > Help > About Google Chrome, allowing the update to download, and clicking Relaunch.
The company said it is “aware that an exploit for CVE-2025-13223 exists in the wild,” but didn’t provide any additional details on the nature of the exploitation.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said, adding that restrictions may stay in place if the issue involves third-party components that remain unpatched elsewhere.
CVE-2025-13223 marks the seventh zero-day vulnerability in Chrome this year, following CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, and CVE-2025-10585.
