Google Chrome Patches Zero-Day Vulnerability Already Exploited by Hackers
Google has released an emergency patch for Chrome, fixing zero-day vulnerability CVE-2025-13223. This marks the seventh zero-day vulnerability exploited in real-world attacks and patched in the browser this year.
The patched issue is a type confusion error in V8, Chrome's JavaScript and WebAssembly engine. Clement Lecigne of Google's Threat Analysis Group (TAG) reported the vulnerability. TAG is a Google division that tracks attacks by state-sponsored hacker groups, and its specialists regularly identify zero-day exploits used in espionage campaigns targeting journalists, opposition politicians, and dissidents.
"The type confusion vulnerability in V8 in Google Chrome prior to version 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a specially crafted HTML page," states the vulnerability description in the NIST National Vulnerability Database (NVD).
The bug could be used to execute arbitrary code or cause system crashes.
Google has not disclosed details about the discovered attacks exploiting CVE-2025-13223. The company traditionally restricts information about vulnerabilities and related links until the majority of users have installed updates. Restrictions also remain in place when vulnerabilities affect third-party libraries used by other projects.
The patch is included in versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux. Chrome typically updates automatically, but users can manually check their version: Menu → Help → About Google Chrome.
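For administrators who need to check many machines rather than one, the per-platform builds listed above can be compared against an inventory of reported version strings. The following is an added example, not code from Google or from the original article; the host names, the inventory format and the sample version strings are constructed assumptions.

```python
import re

# First patched builds per platform, taken from the article text.
PATCHED = {
    "windows": (142, 0, 7444, 175),
    "mac": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from strings such as
    'Google Chrome 142.0.7444.175'; return None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one host."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # unlisted platform or unreadable version string
    # Tuples compare field by field, so 142.0.7444.99 < 142.0.7444.175.
    return "patched" if version >= minimum else "outdated"


def audit(inventory):
    """Group host names by status; inventory rows are (host, platform, text)."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[classify(platform, version_text)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 142.0.7444.175"),
    ("mac-07", "mac", "Google Chrome 142.0.7444.175"),  # one build short on Mac
    ("lnx-03", "linux", "Google Chrome 141.0.7000.1"),
    ("ws-02", "windows", "Google Chrome 143.0.7500.1"),
    ("kiosk-9", "chromeos", "142.0.7444.176"),  # platform not in the article
    ("lnx-04", "linux", "version string missing"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(status, hosts)
```

Hosts reported as unknown need a manual check, since the article lists builds only for Windows, Mac and Linux.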
CVE-2025-13223 is the seventh zero-day vulnerability under active attack discovered in Chrome in 2025. For comparison, Google patched 10 zero-days in Chrome during 2024; some were demonstrated at the Pwn2Own competition, while others were exploited in real attacks.