Google has issued an emergency update for its Chrome browser, urging over two billion users to install the patch immediately.
As reported by Forbes, the update addresses a high-severity vulnerability that is already being exploited by attackers in the wild.
The flaw is tracked as “CVE-2025-13223” and is considered as a “type confusion” weakness within Chrome’s V8 JavaScript engine.
With this bug, any remote attacker can corrupt the browser’s memory and can potentially execute arbitrary code on the victim’s computer. This can be done by simply tricking them into visiting a maliciously crafted website.
Google’s own Threat Analysis Group (TAG) which is responsible for investigating sophisticated cyberattacks from nation-state actors and commercial spyware vendors, found the vulnerability on November 12.
The company confirmed that it is “aware that an exploit… exists in the wild,” signalling the urgency of the situation.
With the new update, Chrome version rolled out as 142.0.7444/.176 for Windows and Mac and 142.0.7444.175 for Linux.
While the browser typically updates automatically, users must completely restart it to activate the protection.
Users can manually check for the update by navigating to “Help”>”About Google Chrome” in the browser's menu.
This is the seventh time in 2025 that Google has been forced to patch a Chrome zero-day vulnerability (a flaw that was unknown to the vendor and already being exploited by attackers before a fix was available).
The repeated incidents highlight the continuous targeting of the world’s most popular web browser by advanced threat groups.