Google Chrome Security Update Addresses Seventh Zero-Day Vulnerability

Google Chrome has recently rolled out an emergency security update to fix the seventh zero-day vulnerability that has been exploited in attacks within this year. This update aims to enhance the security features of the popular web browser and protect users from potential threats.

According to a security advisory published by Google, the tech giant is aware of an exploit for CVE-2025-13223 that is currently in the wild. This high-severity vulnerability is attributed to a type confusion weakness in Chrome’s V8 JavaScript engine. It was first reported by Clement Lecigne of Google’s Threat Analysis Group, which frequently identifies zero-day exploits used by government-sponsored threat groups in spyware campaigns targeting high-risk individuals like journalists, opposition politicians, and dissidents.

Google has promptly addressed the zero-day flaw with the release of versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux. While these updates are scheduled to be gradually rolled out to all users in the Stable Desktop channel over the upcoming weeks, users can manually check for the latest updates to ensure they are protected.

Chrome automatically updates when security patches are available. Users can verify they are running the latest version by navigating to the Chrome menu, selecting Help, clicking on About Google Chrome, allowing the update to finish, and then clicking on the ‘Relaunch’ button to install it.

Google has confirmed that CVE-2025-13223 was exploited in attacks, but additional details regarding active exploitation are yet to be disclosed. Google stated, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” This is the seventh zero-day vulnerability addressed by Google in 2025, with previous vulnerabilities being patched in March, May, June, July, and September.

In May, Google released emergency security updates to address a Chrome zero-day vulnerability (CVE-2025-4664) and an out-of-bounds read and write flaw (CVE-2025-5419) in the V8 JavaScript engine. In March, a high-severity sandbox escape flaw (CVE-2025-2783) was patched by Google, following reports of espionage attacks against Russian media outlets and government organizations.

In the past, Google has actively responded to zero-day vulnerabilities that were either exploited in attacks or demonstrated during hacking competitions. These efforts underscore Google’s commitment to enhancing the security of its products and protecting users from potential threats.

As MCP (Model Context Protocol) gains traction as the standard for connecting LLMs to tools and data, security teams are prioritizing the implementation of best practices to ensure the safety of these new services.

Download this free cheat sheet outlining 7 best practices that you can start implementing today to enhance security.

Download Now