Google Chrome Zero-Day Actively Exploited

Overview
CVE: CVE-2025-13223
Severity: Critical
Date: 19 November 2025
Google has released an urgent security update for Google Chrome, addressing a critical vulnerability that is being actively exploited in the wild. The issue, tracked as CVE-2025-13223, involves a memory corruption flaw in the V8 JavaScript engine, which can allow remote code execution when a victim views a malicious webpage.
Google has confirmed that an exploit for CVE-2025-13223 exists in the wild, and urges all users and organisations to update immediately. This affects Chrome across Windows, macOS and Linux, as well as any Chromium-based browser that has not yet shipped the upstream patch.
Affected Versions
Google Chrome for Windows, macOS and Linux prior to the emergency patch released 16 November 2025
Chromium-based browsers (Edge, Opera, Brave, Vivaldi) until each vendor publishes updated builds
Devices using enterprise-managed browser policies remain at risk until patches are deployed
Vulnerability Breakdown
CVE-2025-13223 – V8 Memory Corruption Leading to Remote Code Execution
Type: Memory corruption in V8
Severity: Critical
Impact: A malicious webpage can achieve remote code execution without user interaction
Exploitation: Confirmed active exploitation in the wild
Description: Incorrect handling of memory operations within V8 allows an attacker to execute arbitrary code in the context of the browser. Because an exploit is available, targeted attacks may already be underway.
Mitigation
Update Google Chrome immediately to the latest version released on 16 November 2025
For enterprise environments, force an update via Google Admin Console, Intune or equivalent MDM, or Chrome Enterprise policies
Apply patches to all Chromium-based browsers once available
Restart the browser after updating to complete mitigation
Consider temporarily restricting access to untrusted websites for high-risk user groups until validation is complete
Summary for IT Teams
Products: Google Chrome, Chromium-based browsers
Threat Level: Critical
Action Required:
Deploy the emergency Chrome update across all systems
Confirm Chromium-based browsers are patched as updates become available
Review browser auto-update policies to ensure updates are not paused or blocked
Monitor for unusual web-originated activity or signs of browser compromise
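The update, restart and per-vendor patch steps above can be tracked from a browser inventory export. The following is an added example, not part of the original advisory or any vendor tooling: the fixed-build numbers are placeholders, and the inventory field names and host names are assumptions.

```python
# Added example. FIXED_BUILDS holds placeholder version numbers, not real
# releases: fill them in from each vendor's release notes. The inventory
# field names (host, browser, installed, running) are assumptions.

def parse_version(text):
    """Turn '100.0.1000.9' into (100, 0, 1000, 9) so builds compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(row, fixed_builds):
    """Classify one row. 'installed' is the version on disk; 'running' is the
    version of the live browser process, or None if the browser is closed."""
    fixed = fixed_builds.get(row["browser"])
    if fixed is None:
        return "NO_FIX_PUBLISHED"   # vendor has not shipped a patched build
    fixed_v = parse_version(fixed)
    if parse_version(row["installed"]) < fixed_v:
        return "UPDATE_REQUIRED"
    if row.get("running") and parse_version(row["running"]) < fixed_v:
        return "RESTART_REQUIRED"   # patched on disk, old build still in memory
    return "PATCHED"

def report(inventory, fixed_builds):
    """Group host names by triage status."""
    grouped = {}
    for row in inventory:
        grouped.setdefault(triage(row, fixed_builds), []).append(row["host"])
    return grouped

# Constructed sample data, not taken from the advisory.
FIXED_BUILDS = {"chrome": "100.0.1000.100", "edge": "100.0.900.50"}
INVENTORY = [
    {"host": "ws-01", "browser": "chrome", "installed": "100.0.1000.100", "running": "100.0.1000.100"},
    {"host": "ws-02", "browser": "chrome", "installed": "100.0.1000.100", "running": "100.0.1000.9"},
    # As strings "100.0.1000.9" sorts after "100.0.1000.100"; as tuples it does not.
    {"host": "ws-03", "browser": "chrome", "installed": "100.0.1000.9", "running": "100.0.1000.9"},
    {"host": "ws-04", "browser": "edge", "installed": "100.0.900.50", "running": None},
    {"host": "ws-05", "browser": "opera", "installed": "90.0.4000.10", "running": "90.0.4000.10"},
]

if __name__ == "__main__":
    for status, hosts in sorted(report(INVENTORY, FIXED_BUILDS).items()):
        print(f"{status:17} {', '.join(hosts)}")
```

Hosts reported as RESTART_REQUIRED have the patched build on disk but are still running the old one, which is the case the restart step in the mitigation list addresses.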
