Detecting Chrome CVE-2025-13223 vulnerability with Wazuh

Wazuh 4.14.1

Another zero-day vulnerability, tracked as CVE-2025-13223, has been discovered affecting Google Chrome and Chromium web browsers on Windows, macOS, and Linux endpoints. It follows the earlier disclosure of CVE-2025-4664, which also affects these web browsers. This is a high-severity flaw with a CVSS score of 8.8, reported to be actively exploited in the wild. This latest discovery highlights that browser-based zero-day vulnerabilities are becoming more common, showing that modern browsers are increasingly targeted by threat actors. With billions of users relying on Chromium-powered browsers for everything from business operations to cloud access, any flaw in the underlying engine immediately becomes a high-impact security concern.

The vulnerability

The flaw stems from improper handling of object types within V8, a JavaScript and WebAssembly engine developed by Google, leading to heap corruption when a malicious webpage is loaded. The vulnerability poses a significant risk to users and organizations because memory corruption in a browser engine can allow attackers to run arbitrary code. What makes CVE-2025-13223 especially critical is that it has been actively exploited in the wild as a zero-day. Threat actors can trigger the vulnerability simply by getting a user to visit a specially crafted HTML page without any additional interaction.

Vulnerable versions

At the time of writing, any user running the versions below is exposed to this vulnerability:

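| Operating system | Product       | Version               |
|------------------|---------------|-----------------------|
| Windows          | Google Chrome | Before 142.0.7444.175 |
| macOS            | Google Chrome | Before 142.0.7444.176 |
| Debian 11        | Chromium      | Up to 120.0.6099.224  |
| Debian 12        | Chromium      | Before 142.0.7444.175 |
| Debian 13        | Chromium      | Before 142.0.7444.175 |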
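
The table above expressed as a version check, as an added example (not code from the original post or from Wazuh): it compares versions numerically rather than as strings and strips a Debian epoch and revision before comparing. The record fields (agent, os, package, version), the agent names, and the sample versions are constructed assumptions.

```python
import re

# Affected ranges copied from the "Vulnerable versions" table on this page.
# "lt" = versions before the bound; "le" = versions up to and including it.
AFFECTED = {
    ("windows", "google chrome"): ("lt", "142.0.7444.175"),
    ("macos", "google chrome"): ("lt", "142.0.7444.176"),
    ("debian 11", "chromium"): ("le", "120.0.6099.224"),
    ("debian 12", "chromium"): ("lt", "142.0.7444.175"),
    ("debian 13", "chromium"): ("lt", "142.0.7444.175"),
}

def upstream_version(raw):
    """Parse a version into a tuple of ints, dropping a Debian epoch ("1:")
    and revision ("-1~deb12u1") so only the upstream part is compared."""
    version = raw.strip().split(":", 1)[-1].rsplit("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unexpected version format: {raw!r}")
    return tuple(int(part) for part in version.split("."))

def is_affected(os_name, package, version):
    """True if the record falls inside a range listed in the table."""
    rule = AFFECTED.get((os_name.lower(), package.lower()))
    if rule is None:
        return False  # OS/product pair is not covered by the table
    op, bound = rule
    installed, limit = upstream_version(version), upstream_version(bound)
    return installed < limit if op == "lt" else installed <= limit

def triage(inventory):
    """Return (agent, package, version) for every affected record."""
    return [(r["agent"], r["package"], r["version"])
            for r in inventory if is_affected(r["os"], r["package"], r["version"])]

# Constructed sample records (hypothetical agents and versions, simplified
# field names; not the Syscollector export format).
INVENTORY = [
    {"agent": "win2022", "os": "Windows", "package": "Google Chrome", "version": "142.0.7444.163"},
    {"agent": "deb11", "os": "Debian 11", "package": "chromium", "version": "120.0.6099.224-1~deb11u1"},
    {"agent": "deb13", "os": "Debian 13", "package": "chromium", "version": "142.0.7444.175-1~deb13u1"},
    {"agent": "mac01", "os": "macOS", "package": "Google Chrome", "version": "142.0.7444.175"},
]

if __name__ == "__main__":
    for hit in triage(INVENTORY):
        print(hit)
```

A `False` result only means the record is outside the ranges listed in the table; it is not a statement about any other vulnerability.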

Detecting the vulnerability with Wazuh

The Wazuh Cyber Threat Intelligence (CTI) service provides real-time vulnerability information by aggregating known vulnerabilities from trusted external sources. Wazuh matches installed software against information from the Wazuh CTI to detect vulnerable packages. For each detected vulnerability, Wazuh dynamically generates a CTI reference using its Common Vulnerabilities and Exposures (CVE) ID, in this case CVE-2025-13223. For further analysis, you can access detailed information about the vulnerability, including its description, affected operating systems and software versions, severity ratings, and external references.

Infrastructure

We use a lab environment with the following infrastructure to write this blog post and raise awareness about the vulnerability.

  • A pre-built, ready-to-use Wazuh OVA 4.14.1, which includes the Wazuh server, indexer, and dashboard.
  • The following endpoints with the Wazuh agent 4.14.1 installed and enrolled in the Wazuh server.
    • Windows Server 2022
    • Debian 11
    • Debian 13

IT Hygiene

The Wazuh Syscollector module routinely performs scans to collect system inventory information from monitored endpoints. This information includes hardware, operating system, installed software, network interfaces, ports, running processes, browser extensions, services, users, and group data. 

The Wazuh dashboard image below shows the vulnerable Google Chrome and Chromium browsers installed on the monitored endpoints, filtered with package.name: is one of Google Chrome, chromium.

The Wazuh dashboard

Vulnerability scan results

The Wazuh Vulnerability Detection module generates alerts on the Wazuh dashboard if the monitored endpoints have the vulnerable Google Chrome (Windows Server 2022) and Chromium (Debian 11 and Debian 13) packages installed.

Wazuh dashboard

Perform the following steps to view all detected vulnerabilities related to CVE-2025-13223:

  1. Navigate to the Vulnerability Detection page.
  2. Add the following query in the search bar to filter for the Chrome/Chromium zero-day vulnerability: CVE-2025-13223.
  3. Switch to the Inventory tab to view the vulnerability alerts.
  4. Click on the vulnerability alert to view more information.
  5. Click on the vulnerability.scanner.reference field of the alert to view detailed information about the vulnerability on the Wazuh CTI.

The results below are from Windows Server 2022, Debian 11, and Debian 13 endpoints that have the vulnerable versions of the packages installed.

Viewing the CVE-2025-13223 vulnerability on the Wazuh dashboard
CVE-2025-13223 vulnerability details on the Wazuh CTI

Mitigation

Google released an emergency patch to fix this vulnerability. Users are advised to update the version of Chrome and Chromium running on their endpoints to prevent exploitation of this zero-day vulnerability.

Google Chrome

Update Google Chrome to the latest version to mitigate this vulnerability.

Chromium

  • At the time of writing this post, all versions of Chromium browsers up to 120.0.6099.224 on Debian 11 endpoints are vulnerable. Hence, users running vulnerable versions should uninstall the vulnerable package until an updated version becomes available.
  • Update the vulnerable packages on Debian 12 and 13 endpoints to mitigate this vulnerability. 

Wazuh dashboard

Perform the following steps on the Wazuh dashboard to verify that the vulnerability has been resolved.

  • Navigate to the Vulnerability Detection > Events tab.
  • In the search bar, add the query CVE-2025-13223.
  • The vulnerability status is updated from Active to Solved when recommended actions are implemented.
Events tab of the Vulnerability Detection dashboard

Conclusion

CVE-2025-13223 is a high-severity zero-day vulnerability in the V8 engine affecting Chrome and Chromium on Windows, macOS, and Debian endpoints. It allows remote attackers to corrupt memory and potentially execute code simply by getting a user to visit a malicious webpage. With active exploitation in the wild, timely browser updates are critical. Keeping Chrome and Chromium patched is the most effective defense protecting users and organizations from this serious threat.

The Wazuh Vulnerability Detection module identifies vulnerabilities in your IT infrastructure and helps you maintain a secure environment by continuously monitoring software versions, detecting misconfigurations, and providing actionable alerts to remediate risks before they can be exploited.
