Patch Your Browser! Chrome V8 Security Bug Likely Exploited by Hackers, Says Google

Google has released an important security fix for Chrome users on desktop, signaling that hackers may be exploiting the issue in the wild.

“The Stable channel has been updated to 142.0.7444.175/.176 for Windows and 142.0.7444.176 for Mac and 142.0.7444.175 for Linux, which will roll out over the coming days/weeks,” writes Srinivas Sista on the Google Chrome Releases blog. “A full list of changes in this build is available in the Log.”

The update includes two security fixes – one flagged as potentially being exploited maliciously.

‘An exploit exists in the wild’

Tracked as CVE-2025-13223, the issue in question is described as a type confusion vulnerability in Chrome’s V8 JavaScript engine.

According to the NIST National Vulnerability Database, Chrome versions prior to 142.0.7444.175 exhibit this weakness, allowing a remote attacker “to potentially exploit heap corruption via a crafted HTML page.”

The bug’s severity is rated “high.” The issue was reported last week by Clément Lecigne of Google's Threat Analysis Group.

According to Google’s advisory, the second security weakness addressed in this update is also a Type Confusion bug in V8, though not flagged as potentially exploited by hackers – at least not to Google’s knowledge.

The bug, discovered by Google’s automated vulnerability discovery agent Big Sleep, is tracked as CVE-2025-13224 and is also rated high-risk.

Patch now!

Google’s TAG team often uncovers and reports high-profile vulnerabilities typically used in spyware attacks targeting activists, dissidents, political figures, human rights advocates, investigative journalists and other high-profile people.

As we regularly warn, even if you’re not a high-risk person, it’s always a good idea to stay up to date with the latest security patches – you never know when you might trip a wire and become a target.

As a rule of thumb, avoid clicking on suspicious links in emails or on websites, as they could lead to compromised sites exploiting a vulnerability on your end.

As of today, you want to be on:

·      Chrome 142.0.7444.175/.176 on Windows

·      Chrome 142.0.7444.176 for Mac

·      Chrome 142.0.7444.175 on Linux

Note: Android releases contain the same security fixes as their corresponding Desktop releases, unless otherwise noted. If you use Chrome on your Android phone, be sure to update ASAP when Google warns of a weakness actively exploited by threat actors.

The desktop version of Chrome automatically checks for the latest version every time it relaunches. If you haven’t closed Chrome in a while, you can start the process manually. Visit the three-dotted options menu, choose Settings -> About Chrome, and let the browser fetch the latest version from Google’s servers. When prompted, relaunch Chrome.

This time around, Google has not signaled the same issues on the mobile versions of Chrome, but users should still ensure they always run the latest version. On mobile, simply download and install the updated version of Chrome from your official app store.

For peace of mind, run a dedicated security solution on all your personal devices.

You may also want to read:

Still Not on iOS 26? Apple Offers iOS 18.7.2 to Keep You Safe

Jury finds Google misled users on privacy setting, awards netizens $426 million

Hackers Exploit WhatsApp Security Flaw in ‘Sophisticated’ Attacks. Patch Now!