Google patches worrying Chrome zero-day flaw being exploited in the wild

Google has urgently patched a worrying Chrome zero-day flaw being exploited in the wild, putting millions of users at risk. The vulnerability, tracked as CVE-2025-13223, affected Chrome’s V8 JavaScript engine and allowed attackers to run arbitrary code remotely. Experts warn that threat actors, including state-sponsored hackers, have likely already exploited this flaw. Updating Chrome to version 142.0.7444.175/.176 immediately is the best way to stay protected.

What is the Chrome zero-day flaw and why it matters

The flaw resides in Chrome’s V8 engine, which processes JavaScript and WebAssembly code on websites. This type confusion bug could let attackers manipulate memory to execute malicious code silently. With a severity score of 8.8/10, security specialists emphasize that ignoring this update leaves users exposed to phishing attacks, malware, and potential data breaches.

How to protect yourself from Chrome zero-day attacks

Google recommends all users update their browsers across devices—desktop, Android, and iOS—to the patched version. Enabling automatic updates ensures immediate protection from future exploits. Additionally, avoid clicking on unknown links or visiting suspicious websites, as this is often how attackers exploit zero-day vulnerabilities.