Analysis

Google issued an emergency Chrome security update to remediate CVE-2025-13223, a high-severity type-confusion flaw in the V8 JavaScript engine that Google says is being exploited in the wild; the fix is in Chrome 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS and 142.0.7444.175 for Linux and is rolling out to Stable Desktop users with immediate availability via About > Help. The vulnerability was reported by Clement Lecigne of Google’s Threat Analysis Group (TAG), which routinely flags zero-days used by government-sponsored spyware campaigns targeting high-risk individuals such as journalists and dissidents. This is the seventh Chrome zero-day patched in 2025 (additional active patches in March, May, June, July and September) and follows ten zero-days addressed in 2024, indicating a sustained cadence of critical fixes. Google will withhold technical details until a majority of users are updated, reducing immediate disclosure risk but limiting defensive visibility for some security teams, and the provided signals show mildly negative sentiment (score -0.3) with a low-to-moderate market impact score of 0.25 for GOOGL/GOOG.