PT-2025-47217 · Google +2 · Google Chrome +3
Published: 2025-11-17 · Updated: 2025-12-07 · CVE-2025-13223
CVSS v2.0: 10 (High)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
- Google Chrome versions prior to 142.0.7444.175
- Chromium versions prior to 142.0.7444.175
- Opera versions prior to 124.0.5705.42
- Opera GX versions prior to 124.0.5705.38
- Opera Air versions prior to 122.0.5643.196
- Opera Neon versions prior to 124.0.5705.44
- Opera for Android versions prior to 92.6
- Microsoft Edge (Chromium-based) versions prior to 142.0.7444.175
Description
A type confusion vulnerability exists in V8, the JavaScript and WebAssembly engine used by Google Chrome and Chromium-based browsers. The flaw, tracked as CVE-2025-13223, allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which could lead to arbitrary code execution. It stems from improper V8 object handling. The issue is being actively exploited in the wild, and an exploit is known to exist. There have been reports of this vulnerability being used in targeted spyware campaigns.
Recommendations
- Update Google Chrome to version 142.0.7444.175 or later.
- Update Chromium-based browsers to version 142.0.7444.175 or later.
- Update Opera to version 124.0.5705.42 or later.
- Update Opera GX to version 124.0.5705.38 or later.
- Update Opera Air to version 122.0.5643.196 or later.
- Update Opera Neon to version 124.0.5705.44 or later.
- Update Opera for Android to version 92.6 or later.
- Update Microsoft Edge to version 142.0.7444.175 or later.
Fix
RCE
Type Confusion
Weakness Enumeration
Related Identifiers
ALT-PU-2025-15267
BDU:2025-14497
CVE-2025-13223
DSA-6060-1
Affected Products
Alt Linux
Debian
Google Chrome
V8
References · 122
- https://security-tracker.debian.org/tracker/DSA-6060-1 · Vendor Advisory
- https://security-tracker.debian.org/tracker/CVE-2025-13223 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13224 · Security Note
- https://bdu.fstec.ru/vul/2025-14498 · Security Note
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13223 · Vendor Advisory
- https://errata.altlinux.org/ALT-PU-2025-15267 · Vendor Advisory
- https://osv.dev/vulnerability/DEBIAN-CVE-2025-13223 · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-14497 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-13223 · Security Note
- https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html · Security Note, Vendor Advisory
- https://security-tracker.debian.org/tracker/source-package/chromium · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13223 · Security Note
- https://twitter.com/H4ckmanac/status/1990667488208801989 · Twitter Post
- https://twitter.com/Neon_corp/status/1990620790778147170 · Twitter Post
- https://twitter.com/VulmonFeeds/status/1990636425176297695 · Twitter Post