Critical Zero-Day Vulnerabilities Target Gogs and Google Chrome
As of December 11, 2025, two critical zero-day vulnerabilities demand urgent attention from cybersecurity professionals. The first, CVE-2025-8110, affects all versions of Gogs and allows remote code execution through improper handling of symbolic links in the PutContents API. More than 700 instances have been compromised, and exploitation is considered low-complexity, so organizations are strongly advised to patch their systems immediately.
Simultaneously, CVE-2025-13223 has been identified in Google Chrome, linked to a type confusion issue within the V8 engine. The vulnerability enables remote code execution when a user simply visits a malicious webpage, posing significant risks for users. Google has released an update to address this flaw, and users are urged to upgrade their browsers without delay.
These vulnerabilities underscore the critical need for vigilance and proactive security measures in today's threat landscape, where exploitation can occur rapidly and with relative ease.
Also In Security Today
- NANOREMOTE Malware: New malware named NANOREMOTE exploits the Google Drive API for command-and-control operations, specifically targeting Windows systems. Its hidden capabilities allow unauthorized control of compromised devices, posing a serious risk for organizations.
- Gladinet Vulnerability Exploitation: A flaw in Gladinet products involving hardcoded cryptographic keys results in unauthorized access and potential code execution. Organizations are advised to monitor for any exploitation attempts.