PT-2025-47217 · Google +3 · V8 +4
Published: 2025-11-17 · Updated: 2026-01-27
CVE-2025-13223
CVSS v2.0: 10 (High)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Chromium versions prior to 142.0.7444.175
Opera versions prior to Opera One (124.0.5705.42), Opera GX (124.0.5705.38), Opera Air (122.0.5643.196), Opera Neon (124.0.5705.44), and Opera for Android (92.6)
Microsoft Edge (Chromium-based) versions prior to 142.0.7444.175
Brave versions prior to 1.84.141
Description
A type confusion vulnerability exists in the V8 JavaScript and WebAssembly engine used in Chromium and its derivatives. A remote attacker can potentially exploit heap corruption via a crafted HTML page, which may lead to arbitrary code execution. The vulnerability (CVE-2025-13223) is actively exploited in the wild. The issue stems from improper handling of V8 objects, which gives attackers a path to code execution through malicious web pages. It affects a large number of users globally, as Chrome is the most used browser.
Recommendations
Update Chromium to version 142.0.7444.175 or later.
Update Opera to Opera One (124.0.5705.42), Opera GX (124.0.5705.38), Opera Air (122.0.5643.196), Opera Neon (124.0.5705.44), or Opera for Android (92.6) or later.
Update Microsoft Edge to version 142.0.7444.175 or later.
Update Brave to version 1.84.141 or later.
Fix
RCE
Type Confusion
Weakness Enumeration
Related Identifiers
ALT-PU-2025-15267
BDU:2025-14497
CVE-2025-13223
DSA-6060-1
Affected Products
Alt Linux
Debian
Google Chrome
Red Os
V8