CISA Warns of Google Chrome 0-Day Vulnerability Exploited

Source: Cyber Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported a critical zero-day vulnerability in Google Chrome, tracked as CVE-2025-13223. The vulnerability is a type confusion error in the Chromium V8 JavaScript engine and poses significant risks, including remote code execution. It affects users globally and impacts Chrome versions prior to 131.0.6778.72, as well as Chromium-based browsers like Microsoft Edge and Brave. Google patched the issue on November 19, 2025, after it had already been exploited in the wild.

CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, mandating that federal agencies update by December 10, 2025. The flaw could lead to heap corruption, making it a serious threat vector through malicious downloads or interactions with webpages. While there are no confirmed links to ransomware, experts advise caution regarding potential phishing and supply chain attack escalations. Organizations are urged to prioritize updates and ensure compliance with zero-trust principles to mitigate associated risks.
