Khaberni - In an urgent security alert, millions of internet users worldwide are warned, as Google and Microsoft have released emergency updates for "Chrome" and "Edge" browsers to repair serious "Zero Day" security vulnerabilities that are currently being exploited in real cyberattacks.
The main vulnerabilities allow attackers to perform random read and write operations in memory through a specially designed HTML page, paving the way for the execution of malicious codes, theft of sensitive data, or complete control of the device without user intervention.
According to reports from the Cybersecurity and Infrastructure Security Agency, these vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) list, with federal agencies being required to implement the fixes by December 10, 2025, reflecting the severe danger of the threat.
The first vulnerability, discovered by Google's Threat Analysis Group (TAG) led by Clément Lecigne, is a Type Confusion flaw in V8 for JavaScript and WebAssembly, which is used in all Chromium-based browsers.
The second vulnerability is also a Type Confusion V8 with a severity CVSS score of 8.1, allowing random read and write in memory, making it a prime target for remote attacks.
The impact extends to all users on Windows, macOS, and Linux systems, including users of Edge which is based on the same Chromium base.
According to vulnerability management company Mondoo, these vulnerabilities are "not only widespread but already being exploited", which underscores the urgent need for immediate updates to avoid risks such as unauthorized data access or malware installation through visiting malicious sites.
Microsoft confirmed in an official statement that the Edge release includes a fix for the first vulnerability, while Google released an update for the flaw, with additional fixes for the second vulnerability in previous versions.
In a related context, the year 2025 witnessed nine zero-day vulnerabilities in Chrome alone, highlighting the increasing pressure on Chromium-based browsers, which also include Brave, Opera, and Vivaldi.
Security experts at The Hacker News clarify that "attackers can exploit these vulnerabilities to execute random codes and cause chaos in memory," emphasizing that automatic updates may not always be sufficient, hence manual checking through "About Chrome" or "About Edge" and restarting is advised.
Users are recommended to enable automatic updates, avoid visiting suspicious sites, and use advanced antivirus software.
With the rise of cyberattacks, this warning serves as a reminder of the importance of digital caution, especially as the end of a year marked by an unprecedented wave of vulnerabilities in the most used browsers approaches.
