In a security advisory published on Monday, Google released details about an emergency security update that was issued to fix the seventh zero-day vulnerability exploited in attacks against Chrome this year. The zero-day in question (tracked as CVE-2025-13223) is categorized as a high-severity vulnerability and there's also an exploit that has been used in the wild, according to the company.
Google has fixed the flaw, and new versions will roll out to users via the Stable Desktop channel throughout the coming weeks, however a patch may be immediately available if you check for updates. Though the browser does automatically update whenever security patches are made available, users can make sure they’re installed by going to Chrome > Help > About Google Chrome and then clicking Relaunch once the installation process is complete.
As usual, though Google has confirmed that this flaw has been used in the wild to carry out attacks. However, it has not issued any further details, stating: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
This is typical, as sharing details is something the Google avoids as it may encourage further exploits of the zero-day before enough users apply its patch to fix it. The bug, which was reported by a member of Google’s Threat Analysis Group (TAG), is caused by a type confusion weakness within Chrome’s V8 JavaScript engine. If exploited, it could allow an attacker to achieve arbitrary code execution or program crashes via a maliciously crafted HTML page. It makes the seventh zero-day exploit patched this year, with the other fixes being patched in March, May, June, July and September.
How to keep your browser secure
This is exactly why it's so important to make sure that your software and operating system are kept up-to-date. You can always set them to update automatically in order to make things easier for you.
Likewise, the best antivirus software will often also let you automatically schedule scans to help protect your system from malware and other viruses. When you install one, also make sure to set up all of the extra features like a VPN, a hardened browser or other protections that can keep you safe while browsing.
Given this year's track record, it's unlikely that this will be the last zero-day exploit we see in 2025, so you may as well ensure that your browser is set to update automatically.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom's Guide
- DoorDash was just hit with its third data breach – what to do next
- Black Friday shoppers under attack from AI-powered scams — here's how to spot them before it's too late
- Don't risk it — get your annual antivirus coverage for less than $25 with these Black Friday deals
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
