CVE-2025-13224

high

Description

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

References
More

https://www.theregister.com/2025/11/18/google_chrome_seventh_0_day/

https://www.securityweek.com/chrome-142-update-patches-exploited-zero-day/

https://www.malwarebytes.com/blog/news/2025/11/chrome-zero-day-under-active-attack-visiting-the-wrong-site-could-hijack-your-browser

https://www.helpnetsecurity.com/2025/11/18/chrome-cve-2025-13223-exploited/

https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html

https://securityaffairs.com/184764/hacking/google-fixed-the-seventh-chrome-zero-day-in-2025.html

https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

https://issues.chromium.org/issues/450328966

Details

Source: Mitre, NVD

Published: 2025-11-17

Updated: 2025-11-19

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00069

Detections

Analytics