Google has rushed to release a critical emergency update for its Chrome browser, urging its estimated two billion users to update immediately following the confirmation of an actively exploited zero-day vulnerability. The flaw, designated as CVE-2025-13223, presents a significant and immediate security risk to users whose browsers have not yet been patched.
The vulnerability is a high-severity Type Confusion flaw in Chrome’s V8 JavaScript engine. Security agencies globally are treating this patch as a critical security priority rather than routine software maintenance, because exploitation attempts have been confirmed in live attacks.
According to the National Institute of Standards and Technology (NIST), this Type Confusion flaw allows a remote attacker to potentially exploit heap corruption simply by crafting a malicious HTML page. The vulnerability’s severity rating is high, reflecting the potential for memory corruption through hostile web content.
Google confirmed the existence of an exploit “in the wild,” triggering a rapid patch cycle across all major operating systems. The company has released patched builds for Windows, macOS, Linux, and Android, and is encouraging a swift rollout, although the patch deployment may still take several days to reach all systems.
In line with standard security protocol, Google is withholding technical details about the zero-day to prevent further malicious exploitation. The company stated that it would keep restrictions on bug details until a majority of users have updated.
The official Chrome Releases page confirmed that the stable channel update, published on November 17, 2025, includes fixes for both CVE-2025-13223 and a related type-confusion issue, CVE-2025-13224. Google credited both internal teams and external researchers for their quick identification of the flaws.
Users must still complete the fix themselves even if Chrome downloads the update automatically: the patch is applied only when the user closes and relaunches the browser. Users are instructed to navigate to Help → About Google Chrome in the browser menu to prompt the installation.
This emergency fix also serves as a reminder for users of other Chromium-based browsers, such as Microsoft Edge, Brave Browser, and Opera, to check their own software versions, as these browsers share the same underlying code and often receive parallel updates.