Enterprise updating: The latest update also addresses a separate Type Confusion vulnerability in the V8 engine, CVE-2025-13224, also rated as ‘high’ priority. So far, there is no indication that this is under exploit.Enterprise customers can address both flaws by updating to Chrome version 142.0.7444.175/.176 for Windows, version 142.0.7444.176 for Mac, and version 142.0.7444.175 for Linux.Normally, enterprises patch every eight weeks on the Extended Stable Channel (ESC), allowing plenty of time for testing. In contrast, patches for zero-day vulnerabilities will usually be applied manually within days.”For enterprise admins, the toll is real, because zero days mean a sweaty scramble to get fast patching and testing. And because Chrome updates come without real warning, hard and often, teams don’t get a break,” commented ZbynÄ›k Sopuch, CTO of risk management company Safetica.”The pattern here is that shared components multiply the blast radius, and until the wider community patches in an organized way, V8 stays one of the ripest targets in the room,” he added.Attackers are always looking for ways to target V8, he said, because it allows them to “aim at the entire beehive. Admins are lying awake at night because of Chrome and the unknown list of apps that quietly run the same engine.”Chrome has suffered two other confirmed zero days in the V8 engine in 2025, from a tally of seven across Chrome as a whole. The V8 flaws were CVE-2025-5419 in June and CVE-2025-10585 in September. Seven zero days sounds like a lot, but the annual count has been around this level for some time.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4092287/more-work-for-admins-as-google-patches-latest-zero-day-chrome-vulnerability.html
