CVE-2025-13224
Published: 17 November 2025
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2025-13224 is a type confusion vulnerability (CWE-843) in the V8 JavaScript engine within Google Chrome versions prior to 142.0.7444.175. The flaw enables a remote attacker to potentially trigger heap corruption by means of a crafted HTML page. Chromium security has rated it as High severity, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A remote attacker without privileges can exploit this vulnerability over the network by luring a user into interacting with a malicious site, such as visiting a webpage or processing a crafted HTML document. User interaction is required to trigger the issue, after which the attacker could achieve heap corruption, leading to high-impact compromise of confidentiality, integrity, and availability.
Google's Chrome Releases blog announces a stable channel update for desktop in version 142.0.7444.175 that addresses this vulnerability. Additional technical details are documented in the Chromium issue tracker at https://issues.chromium.org/issues/450328966.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a type confusion in Chrome's V8 engine that is exploitable via a crafted HTML page. This enables drive-by compromise (T1189) and exploitation for client execution (T1203) through user interaction such as visiting a malicious site.