🟢 CVE-2025-13223

Key Sources:

• The Hacker News | #1 Trusted Source for Cybersecurity News — Index...

  The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes. "Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to a description of the flaw in the NIST National Vulnerability Database (NVD).

• CVE-2025-13223 — Google Chrome +1 | dbugs

  Details on CVE-2025-13223: Google Chrome +1. Includes CVSS score, affected versions, and references.The vulnerability was discovered by Google’s Threat Analysis Group on November 12, 2025. This is the seventh zero-day vulnerability addressed in Chrome this year. Exploitation has been observed in targeted attacks, including campaigns against journalists and political dissidents.

• CVE-2025-13223 - Vulnerability Details - OpenCVE

  Exploitation none. Automatable no. Technical Impact total.(Chromium security severity: High)"}], "id": "CVE-2025-13223", "lastModified": "2025-11-18T02:15:43.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI

• Google patches yet another exploited Chrome zero-day ...

  CVE-2025-13223 is a type confusion vulnerability in V8, the JavaScript and WebAssembly engine used by Chrome and Chromium-based browsers. The ...

• CISA Adds One Known Exploited Vulnerability to Catalog

  CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.