Week 47 – Puppet Master on the Web: Chrome’s V8 Flaw Pulled by Attackers

17 – 23 Nov 2025

On Monday Google released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.

Our CVE of the Week is CVE-2025-13223, a vulnerability with a CVSS score of 8.8.

CVE-2025-13223 is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes. The NIST National Vulnerability Database describes it as follows:

Type Confusion in V8 in Google Chrome prior to version 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

To exploit the vulnerability, an attacker needs to create a malicious website that targets this browser flaw. When a victim visits the specially crafted webpage, no further interaction with anything on it is needed for a successful compromise.

Google’s Threat Analysis Group discovered and reported the flaw on November 12, 2025. Google has not shared any details on who may have been targeted or who is behind the attacks.

The company also acknowledged that an “exploit for CVE-2025-13223 exists in the wild.”

How can we defend ourselves?

Make sure you update the Chrome browser to versions 142.0.7444.176 for Windows, 142.0.7444.176 for Apple macOS, and 142.0.7444.175 for Linux.
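
To check a fleet against the versions listed above, the following added example (not part of the original post) compares reported Chrome versions numerically per platform. The host names, the inventory format and the status labels are assumptions, and the sample inventory is constructed.

```python
import re

# Fixed builds per platform, taken from the versions listed in this post.
FIXED = {
    "windows": (142, 0, 7444, 176),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 142.0.7444.175'; return None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'up_to_date', 'update_required' or 'unknown' for one host."""
    fixed = FIXED.get(platform.lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # unlisted platform or unparseable output
    # Tuples compare numerically per component. Comparing the raw strings
    # would wrongly rank '142.0.7444.99' above '142.0.7444.175'.
    return "up_to_date" if found >= fixed else "update_required"


def audit(inventory):
    """inventory: iterable of (host, platform, version_text) records."""
    return {host: assess(p, v) for host, p, v in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-001", "Windows", "Google Chrome 142.0.7444.176"),
    ("ws-002", "Windows", "Google Chrome 142.0.7444.175"),
    ("mac-01", "macOS", "Google Chrome 142.0.7444.99"),
    ("lnx-01", "Linux", "Google Chrome 142.0.7444.175"),
    ("lnx-02", "Linux", "Google Chrome 143.0.7499.40"),
    ("kiosk", "Linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since a missing or unparseable version string says nothing about patch state.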

For more information:
https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html

