Chrome vulnerability reproduction tracking: CVE-2025-13223 and CVE-2025-13224

Description

On November 18, 2025, Chrome released an update. The release "The Stable channel has been updated to 142.0.7444.175/.176 for Windows and 142.0.7444.176 for Mac and 142.0.7444.175 for Linux" fixed two vulnerabilities, CVE-2025-13223 and CVE-2025-13224. They are recorded here for tracking.

CVE-2025-13223

Description

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Weaponized in-the-wild exploitation of this vulnerability has already been reported.

References

https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

https://issues.chromium.org/issues/460017370

POC

2025/11/24: no PoC yet

2025/12/24: no PoC yet

CVE-2025-13224

Description

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Analyze

Found the corresponding commit: https://chromium.googlesource.com/v8/v8.git/+/78d7b6b12c97b7a4f4a96230f61af54aa64b6fd6

References

https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

https://issues.chromium.org/issues/450328966

POC

2025/11/24: no PoC yet

2025/12/24: no PoC yet