⚠ Actively exploited
Added to CISA KEV on 2025-11-19. Federal agencies required to patch by 2025-12-10. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-13223Type Confusion in Google Chrome

CWE-843Type Confusion14 documents13 sources
Severity
8.8HIGHNVD
EPSS
2.8%
top 13.86%
CISA KEV
KEV
Added 2025-11-19
Due 2025-12-10
Exploit
No known exploits
Affected products
3
Google ChromeChromiumPaloalto Prisma Browser
Timeline
PublishedNov 17
KEV addedNov 19
KEV dueDec 10
Latest updateJan 14
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/chrome< 142.0.7444.175
NVDgoogle/chrome< 142.0.7444.175
Debianchromium/chromium< 142.0.7444.175-1~deb12u1+2

🔴Vulnerability Details

4
GHSA
GHSA-fvx3-7348-92qj: Type Confusion in V8 in Google Chrome prior to 1422025-11-18
CVEList
CVE-2025-13223: Type Confusion in V8 in Google Chrome prior to 1422025-11-17
OSV
CVE-2025-13223: Type Confusion in V8 in Google Chrome prior to 1422025-11-17
VulnCheck
Google Chromium V8 Type Confusion Vulnerability2025

📋Vendor Advisories

6
Palo Alto
PAN-SA-2026-0001 Chromium: Monthly Vulnerability Update (January 2026)2026-01-14
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-132232025-11-21
CISA
Google Chromium V8 Type Confusion Vulnerability2025-11-19
Red Hat
chromium-browser: Type Confusion in V82025-11-17
Microsoft
Chromium: CVE-2025-13223 Type Confusion in V82025-11-11

🕵️Threat Intelligence

3
Bleepingcomputer
Google fixes eighth Chrome zero-day exploited in attacks in 20252025-12-11
Bleepingcomputer
Google fixes new Chrome zero-day flaw exploited in attacks2025-11-18
Recorded Future
November 2025 CVE Landscape: 10 Critical Vulnerabilities Show 69% Drop from October
CVE-2025-13223 — Type Confusion in Google Chrome | cvebase