{“lastseen”:”2025-12-11T14:05:11″,”description”:”Google issued an extra patch for a security vulnerability in Chrome that is being actively exploited, and it’s urging users to update. The patch fixes two flaws in Chrome\u2019s V8 engine, and for one of them Google says an exploit already exists in the wild.\\n\\nBoth issues are described as \u201ctype confusion\u201d vulnerabilities in the V8 JavaScript engine. These occur when Chrome doesn\u2019t verify the object type it\u2019s handling and then uses it incorrectly. In other words, the browser mistakes one type of data for another\u2014like treating a list as a single value or a number as text. That can cause unpredictable behavior and, in some cases, let attackers manipulate memory and run code remotely through crafted JavaScript on a malicious or compromised website.\\n\\nSo, these vulnerabilities lie in the part of Chrome you use the most: browsing. And since Chrome is by far the world\u2019s most popular browser, with an estimated 3.4 billion users, that makes for a massive target. When Chrome has a security flaw that can be triggered just by visiting a website, billions of users are exposed until they update.\\n\\nThat\u2019s why it\u2019s important to install these patches promptly. Staying unpatched means you could be at risk just by browsing the web. Attackers often exploit these kinds of flaws before most users have a chance to update. Always let Chrome update itself, and don\u2019t delay restarting it as updates usually fix exactly this kind of risk.\\n\\n## How to update Chrome\\n\\nThe latest version number is **144.0.7444.175\/.176** for Windows, **144.0.7444.175** for Linux, and **144.0.7444.176** for macOS. So, if your Chrome is on version **144.0.7444.175 or later,** it\u2019s protected from these vulnerabilities.\\n\\nThe easiest way to update is to allow Chrome to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong\u2014such as an extension stopping you from updating the browser.\\n\\nTo update manually, click the **More** menu (three dots), then go to **Settings** \\u003e **About Chrome**. If an update is available, Chrome will start downloading it. Restart Chrome to complete the update, and you\u2019ll be protected against these vulnerabilities.\\n\\nYou can also find step-by-step instructions in our guide to how to update Chrome on every operating system.\\n\\n\\n\\n## 2025 exploited zero-days in Chrome\\n\\nPublic reporting indicates that Chrome has seen at least seven zero-days exploited in 2025, several of them in the V8 JavaScript engine and some linked to targeted espionage.\\n\\nSo, 2025 has been a relatively busy year for Chrome zero\u2011days. \\n\\nIn March, a sandbox escape tracked as CVE\u20112025\u20112783 showed up in espionage operations against Russian targets. \\n\\nMay brought more bad news: an account\u2011hijacking flaw (CVE\u20112025\u20114664), followed in June by multiple V8 issues (including CVE\u20112025\u20115419 and CVE\u20112025\u20116558) that let attackers run code in the browser and in some cases hop over the sandbox boundary. \\n\\nSeptember added a V8 type\u2011confusion bug (CVE\u20112025\u201110585) serious enough to justify another out\u2011of\u2011band patch.\\n\\nAnd with this latest update, Google has patched CVE-2025-13223, reported by Google’s Threat Analysis Group (TAG), which focuses on spyware and nation-state attackers who regularly use zero-days for espionage.\\n\\nIf we\u2019re lucky, this update will close out 2025\u2019s run of Chrome zero-days.\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-12-11T11:58:47″,”modified”:”2025-12-11T11:58:47″,”type”:”malwarebytes”,”title”:”Another Chrome zero-day under attack: update now”,”source”:””,”references”:””,”id”:”MALWAREBYTES:633E8C67D1D9E0576778E41AE5B8DE38″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-10585″,”CVE-2025-13223″,”CVE-2025-2783″,”CVE-2025-4664″,”CVE-2025-5419″,”CVE-2025-6558″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/another-chrome-zero-day-under-attack-update-now”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-11T14:05:11″,”description”:”Google issued an extra patch for a security vulnerability in Chrome that is being actively exploited, and it’s urging users to update. The patch fixes…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,115,13,7,11,5],"class_list":["post-30379","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n