Google Issues Emergency Update for 2B Chrome Users
If your Chrome browser isn’t updated, you may be exposed to an actively exploited zero-day that Google just rushed to patch.
The company is instructing its 2 billion users to update immediately after confirming that a newly discovered zero-day, CVE-2025-13223, is already being exploited in live attacks. Security agencies are urging users to prioritize the update, making this more than a routine software patch, as it’s now a critical security priority.
The flaw, tied to Chrome’s V8 JavaScript engine, has triggered a rapid patch cycle across platforms as Google and national cybersecurity teams urge fast action.
Critical flaw confirmed
Google confirmed that an exploit for the vulnerability existed in the wild, prompting an emergency update across major operating systems. Forbes reported that the vulnerability has been classified as high severity and that exploitation attempts were already underway.
According to the National Institute of Standards and Technology (NIST), “This Type Confusion in V8 in Google Chrome before 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page.” The vulnerability has been assigned a high severity rating based on the potential for memory corruption through malicious web content.
Google follows a standard security practice of withholding technical details until most users are protected. Google said, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed.”
Google’s Chrome Releases page confirmed that the Stable channel update, published on November 17, 2025, includes two security fixes: CVE-2025-13223 and CVE-2025-13224, both involving type-confusion issues in the V8 engine. Google noted that the patch will roll out over the coming days and credited internal teams and external researchers for identifying the flaws.
The update is now live across Windows, macOS, and Linux. While the Chrome patch typically rolls out over several days or weeks, users should prioritize installing this emergency fix as soon as it becomes available on their systems.
Rollout and update steps
Google has released patched builds for Windows, macOS, Linux, and Android. According to Google, users can access the update through Chrome’s menu by selecting Help → About Google Chrome, then relaunching the browser once the patch becomes available. The company also reminded users that Chrome downloads updates automatically, but the fix is only applied when you close and reopen the browser.
The Cyber Security Agency of Singapore encouraged organizations to check their Chrome versions and enable automatic updates in their browser to ensure that their software is updated promptly. Hot Hardware also recommended reviewing other Chromium-based browsers, such as Microsoft Edge, Brave Browser, and Opera, since they often receive parallel updates based on the same underlying code.
What IT leaders should do now
IT leaders are encouraged to prioritize this update given the active exploitation and the scale of the affected devices. Teams should confirm that all endpoints are running the patched Chrome version or an updated Chromium equivalent, as well as review browsers or system logs for any suspicious activity that could signal attempted exploitation.
It’s also important to remind users to relaunch Chrome so the fix is fully applied. While attacks targeting browser vulnerabilities are not unusual, quick action across managed devices can help reduce exposure as researchers continue to analyze the issue.
For more ways to strengthen Chrome in your workplace or home use, see TechRepublic’s guide to key Chrome security and UI tips.
About Author
