Chrome receives emergency update to fix high-severity zero-day flaw

Google has issued an emergency update to fix the seventh Chrome zero-day exploited in attacks this year. The flaw, tracked as CVE-2025-13223, is caused by a type confusion bug in the browser’s V8 JavaScript engine and was used in the wild before the patch was released.

The company says updates will roll out across the Stable Desktop channel in the coming weeks, though users can install the fix immediately by checking for updates in Chrome’s settings. Google is withholding technical details until most users have upgraded to avoid encouraging further exploitation.

The vulnerability was reported by a member of Google’s Threat Analysis Group and allowed attackers to trigger code execution or browser crashes through malicious HTML pages. It continues a pattern of high-severity zero-days discovered and patched throughout 2025.

Google stresses that prompt updates remain essential, as attackers often target unpatched systems. Automatic updates can help ensure that newly released fixes reach users quickly and reduce exposure to emerging threats.

Security experts also recommend enabling scheduled antivirus scans and using protective features, such as hardened browsers or VPNs. With multiple zero-days already patched this year, analysts say more are likely, and users should keep Chrome’s update settings enabled.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!