{“lastseen”:”2025-11-18T20:05:13″,”description”:”Google has released an update for its Chrome browser that includes two security fixes. Both are classified as high severity, and one is reportedly exploited in the wild. These flaws were found in Chrome\u2019s V8 engine, which is the part of Chrome (and other Chromium-based browsers) that runs JavaScript.\\n\\nChrome is by far the world\u2019s most popular browser, used by an estimated 3.4 billion people. That scale means when Chrome has a security flaw, billions of users are potentially exposed until they update.\\n\\nThese vulnerabilities are serious because they affect the code that runs almost every website you visit. Every time you load a page, your browser executes JavaScript from all sorts of sources, whether you notice it or not. Without proper safety checks, attackers can sneak in malicious instructions that your browser then runs\u2014sometimes without you clicking anything. That could lead to stolen data, malware infections, or even a full system compromise.\\n\\nThat\u2019s why it\u2019s important to install these patches promptly. Staying unpatched means you could be open to an attack just by browsing the web, and attackers often exploit these kinds of flaws before most users have a chance to update. Always let your browser update itself, and don\u2019t delay restarting to apply security patches, because updates often fix exactly this kind of risk.\\n\\n## How to update\\n\\nThe Chrome update brings the version number to 142.0.7444.175\/.176 for Windows, 142.0.7444.176 for macOS and 142.0.7444.175 for Linux. So, if your Chrome is on the version number **142.0.7444.175 or later,** it\u2019s protected from these vulnerabilities.\\n\\nThe easiest way to update is to allow Chrome to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong\u2014such as an extension stopping you from updating the browser.\\n\\nTo update manually, click the \u201c**More** \u201d menu (three stacked dots), then choose **Settings** \\u003e **About Chrome**. If there is an update available, Chrome will notify you and start downloading it. Then relaunch Chrome to complete the update, and you\u2019ll be protected against these vulnerabilities.\\n\\nYou can find more detailed update instructions and how to read the version number in our article on how to update Chrome on every operating system.\\n\\n\\n\\n## Technical details\\n\\nBoth vulnerabilities are characterized as \\”type confusion\\” flaws in V8.\\n\\nType confusion happens when code doesn\u2019t verify the object type it\u2019s handling and then uses it incorrectly. In other words, the software mistakes one type of data for another\u2014like treating a list as a single value or a number as text. This can cause Chrome to behave unpredictably and, in some cases, let attackers manipulate memory and execute code remotely through crafted JavaScript on a malicious or compromised website.\\n\\nThe actively exploited vulnerability\u2014Google says \u201can exploit for CVE-2025-13223 exists in the wild\u201d\u2014was discovered by Google’s Threat Analysis Group (TAG). It can allow a remote attacker to exploit heap corruption via a malicious HTML page. Which means just visiting the \u201cwrong\u201d website might be enough to compromise your browser.\\n\\nGoogle hasn’t shared details yet about who is exploiting the flaw, how they do it in real-world attacks, or who’s being targeted. However, the TAG team typically focuses on spyware and nation-state attackers that abuse zero days for espionage.\\n\\nThe second vulnerability, tracked as CVE-2025-13224, was discovered by Google\u2019s Big Sleep, an AI-driven project to discover vulnerabilities. It has the same potential impact as the other vulnerability, but cybercriminals probably haven’t yet figured out how to use it.\\n\\nUsers of other Chromium-based browsers\u2014like Edge, Opera, and Brave\u2014can expect similar updates in the near future.\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-11-18T18:09:13″,”modified”:”2025-11-18T18:09:13″,”type”:”malwarebytes”,”title”:”Chrome zero-day under active attack: visiting the wrong site could hijack your browser”,”source”:””,”references”:””,”id”:”MALWAREBYTES:AEDEB7C0BB84B26CBD8DB4BFFC273B5B”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-13223″,”CVE-2025-13224″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/chrome-zero-day-under-active-attack-visiting-the-wrong-site-could-hijack-your-browser”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-18T20:05:13″,”description”:”Google has released an update for its Chrome browser that includes two security fixes. Both are classified as high severity, and one is reportedly exploited…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,41,12,15,115,13,7,11,5],"class_list":["post-26674","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n