Google Chrome Heap Corruption Vulnerability (CVE-2025-13042) Enables Remote Code Execution

endpoint-software-vulnerability, widely-deployed-product-advisory, initial-access-method
Updated March 21, 2026 at 03:24 PM | 2 sources

A high-severity vulnerability, tracked as CVE-2025-13042, was identified in the V8 JavaScript engine of Google Chrome. It allows a remote attacker to trigger heap corruption through a specially crafted HTML page, which could enable remote code execution on affected systems and puts at risk any user who visits a malicious website. Google released an emergency fix to address the issue and urged users to update their browsers immediately to mitigate potential exploitation.

The vulnerability affects Google Chrome versions prior to 142.0.7444.166, and its severity is underscored by a CVSS score of 8.8. Security advisories highlight that the flaw is remotely exploitable and could be leveraged by attackers to gain control over vulnerable systems. Organizations are advised to prioritize patching and monitor for any signs of exploitation in their environments.
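
As an added example (not part of the original advisory), the sketch below triages a software inventory against the fixed build 142.0.7444.166 named above. The hostnames and reported versions are constructed sample data, and the function names are hypothetical; the point it demonstrates is that Chrome versions must be compared numerically, field by field, because a plain string comparison misclassifies builds such as `142.0.7444.99`.

```python
import re

# Fixed build named in the advisory text above.
FIXED_VERSION = "142.0.7444.166"

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a Chrome version as a 4-tuple of ints, or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_affected(version, fixed=FIXED_VERSION):
    """True if version < fixed, False if >= fixed, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < parse_version(fixed)


def triage(inventory):
    """Split (host, version) pairs into affected / patched / unknown lists."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version in inventory:
        verdict = is_affected(version)
        key = "unknown" if verdict is None else ("affected" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "142.0.7444.166"),  # exactly the fixed build
    ("ws-002", "142.0.7444.99"),   # older, but sorts after .166 as a string
    ("ws-003", "141.0.7390.123"),  # previous milestone
    ("ws-004", "143.0.7499.40"),   # newer milestone
    ("ws-005", "142.0.7444"),      # truncated report, needs manual review
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in the `unknown` bucket should be re-queried rather than assumed patched.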

Timeline

  1. Nov 12, 2025

    CVE-2025-13042 vulnerability details are publicly listed

    Public vulnerability tracking for CVE-2025-13042 described the issue as a Google Chrome heap corruption flaw affecting the V8 engine. This made the vulnerability details broadly available through CVE tracking sources on November 12, 2025.

  2. Nov 12, 2025

    Google addresses Chrome V8 flaw CVE-2025-13042

    Google released an emergency fix for the high-severity Chrome V8 heap corruption vulnerability tracked as CVE-2025-13042, which could allow remote code execution. The references indicate the issue was publicly disclosed as a Chrome security update on November 12, 2025.

Sources

November 12, 2025 at 05:15 PM

Related Stories

Chrome Zero-Day Vulnerability CVE-2025-13223 Exploited in the Wild

Google has released an emergency security update to address CVE-2025-13223, a critical zero-day vulnerability in the V8 JavaScript engine used by Chrome and Chromium-based browsers. This type confusion flaw, discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG), allows attackers to achieve heap corruption and potentially execute arbitrary code simply by luring users to maliciously crafted websites. The vulnerability has been actively exploited in the wild, with Google confirming that threat actors are weaponizing it to bypass browser sandbox protections, steal credentials, escalate privileges, and deploy malware. The fix is included in Chrome version 142.0.7444.175/.176 for Windows, Mac, and Linux, and users are strongly urged to update and restart their browsers immediately to mitigate risk. Other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are also rolling out patches. The involvement of Google TAG suggests possible links to advanced persistent threats, highlighting the urgency for both individuals and enterprises to apply updates and monitor for suspicious activity.

1 month ago

Google Chrome V8 Engine High-Severity Vulnerability and Security Advisory

Google released a security advisory addressing a vulnerability in Chrome for Desktop, affecting versions prior to 141.0.7390.122/.123 on Windows and Mac, and 141.0.7390.122 on Linux. The flaw, identified as a high-severity issue in the V8 JavaScript engine (CVE-2025-12036), could allow attackers to exploit affected systems if not promptly patched. Security authorities have urged users and administrators to review the advisory and apply the necessary updates to mitigate potential risks. The vulnerability in the V8 engine requires immediate attention due to its potential impact on system security. Organizations are advised to ensure all Chrome installations are updated to the latest stable versions to prevent exploitation. No evidence of active exploitation has been reported, but the critical nature of the flaw underscores the importance of timely patching to maintain secure environments.

1 month ago

Google Chrome 142 Emergency Update Addresses Multiple High-Risk RCE Vulnerabilities

Google released an emergency update for its Chrome browser, version 142, to patch five security vulnerabilities, including three high-severity flaws that could allow remote code execution (RCE) on Windows, macOS, Linux, and Android platforms. The most critical vulnerability, CVE-2025-12725, is an out-of-bounds write in the WebGPU graphics interface, which could enable attackers to execute arbitrary code by corrupting system memory. Two additional high-severity vulnerabilities, CVE-2025-12726 in the Views component and CVE-2025-12727 in the V8 JavaScript engine, were also addressed, both posing significant risk for memory manipulation and potential code execution. Google has limited the release of technical details to prevent exploitation before users apply the update, but internal assessments rate the vulnerabilities with a CVSS 3.1 score of 8.8, indicating a direct and serious risk. The update is being distributed across all major desktop and mobile platforms, and users are strongly advised to update Chrome promptly to mitigate the risk of exploitation. Two medium-severity issues in the Omnibox were also fixed in this release.

1 month ago
