CVE-2025-13223

CVSS 8.8 HIGHEPSS 4.8%● KEVCWE-843

In short

V8 (Chrome's JavaScript engine) has a type confusion vulnerability that lets attackers trick it into mishandling memory through a malicious webpage, potentially corrupting the heap and crashing or controlling the browser.

Technical detail

Type confusion in V8's type system allows a remote attacker to trigger heap corruption via crafted HTML, leading to potential code execution or denial of service. The attack requires user interaction (visiting a malicious page) and affects Chrome versions prior to 142.0.7444.175.

Summary generated and translated by AI from the official description.

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html https://issues.chromium.org/issues/460017370 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-13223