Last month saw the release of Project Misriah, an ambitious modding project that tried to re-create the feel of Halo 3 inside Valve’s Counter-Strike 2. That project has now been taken down from the Steam Workshop, though, after drawing a Digital Millennium Copyright Act complaint from Microsoft.
Modder Froddoyo introduced Project Misriah on November 16 as “a workshop collection of Halo ported maps and assets that aims to bring a Halo 3 multiplayer-like experience to Counter-Strike 2.” Far from just being inspired by Halo 3, the mod directly copied multiple sound effects, character models, maps, and even movement mechanics from Bungie and Microsoft’s popular series.
In the weeks since, Project Misriah has drawn a lot of praise from both Halo fans and those impressed by what modders could pull off with the Source 2 engine. But last Wednesday, modder Froddoyo shared a DMCA request from Microsoft citing the “unauthorized use of Halo game content in a [Steam] workshop not associated with Halo games.”
It’s been over 10 years since the launch of the excellent The Witcher 3: Wild Hunt, and nearly four years since the announcement of “the next installment in The Witcher series of video games.” Despite those long waits, developer CD Projekt Red is still insisting it will deliver the next three complete Witcher games in a short six-year window.
In a recent earnings call, CDPR VP of Business Development Michał Nowakowski suggested that a rapid release schedule would be enabled in no small part by the team’s transition away from its proprietary REDEngine to the popular Unreal Engine in 2022. At the time, CDPR said the transition to Unreal Engine would “elevate development predictability and efficiency, while simultaneously granting us access to cutting-edge game development tools.” Those considerations seemed especially important in the wake of widespread technical issues with the console versions of Cyberpunk 2077, which CDPR later blamed on REDEngine’s “in-game streaming system.”
“We’re happy with how [Unreal Engine] is evolving through the Epic team’s efforts, and how we are learning how to make it work within a huge open-world game, as [The Witcher 4] is meant to be,” Nowakowski said in the recent earnings call. “In a way, yes, I do believe that further games should be delivered in a shorter period of time—as we had stated before, our plan still is to launch the whole trilogy within a six-year period, so yes, that would mean we would plan to have a shorter development time between TW4 and TW5, between TW5 and TW6 and so on.”
Google has released an update for its Chrome browser that includes two security fixes. Both are classified as high severity, and one is reportedly exploited in the wild. These flaws were found in Chrome’s V8 engine, which is the part of Chrome (and other Chromium-based browsers) that runs JavaScript.
Chrome is by far the world’s most popular browser, used by an estimated 3.4 billion people. That scale means when Chrome has a security flaw, billions of users are potentially exposed until they update.
These vulnerabilities are serious because they affect the code that runs almost every website you visit. Every time you load a page, your browser executes JavaScript from all sorts of sources, whether you notice it or not. Without proper safety checks, attackers can sneak in malicious instructions that your browser then runs—sometimes without you clicking anything. That could lead to stolen data, malware infections, or even a full system compromise.
That’s why it’s important to install these patches promptly. Staying unpatched means you could be open to an attack just by browsing the web, and attackers often exploit these kinds of flaws before most users have a chance to update. Always let your browser update itself, and don’t delay restarting to apply security patches, because updates often fix exactly this kind of risk.
How to update
The Chrome update brings the version number to 142.0.7444.175/.176 for Windows, 142.0.7444.176 for macOS and 142.0.7444.175 for Linux. So, if your Chrome is on the version number 142.0.7444.175 or later, it’s protected from these vulnerabilities.
The easiest way to update is to allow Chrome to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.
To update manually, click the “More” menu (three stacked dots), then choose Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then relaunch Chrome to complete the update, and you’ll be protected against these vulnerabilities.
Both vulnerabilities are characterized as “type confusion” flaws in V8.
Type confusion happens when code doesn’t verify the object type it’s handling and then uses it incorrectly. In other words, the software mistakes one type of data for another—like treating a list as a single value or a number as text. This can cause Chrome to behave unpredictably and, in some cases, let attackers manipulate memory and execute code remotely through crafted JavaScript on a malicious or compromised website.
The actively exploited vulnerability—Google says “an exploit for CVE-2025-13223 exists in the wild”—was discovered by Google’s Threat Analysis Group (TAG). It can allow a remote attacker to exploit heap corruption via a malicious HTML page. Which means just visiting the “wrong” website might be enough to compromise your browser.
Google hasn’t shared details yet about who is exploiting the flaw, how they do it in real-world attacks, or who’s being targeted. However, the TAG team typically focuses on spyware and nation-state attackers that abuse zero days for espionage.
The second vulnerability, tracked as CVE-2025-13224, was discovered by Google’s Big Sleep, an AI-driven project to discover vulnerabilities. It has the same potential impact as the other vulnerability, but cybercriminals probably haven’t yet figured out how to use it.
Users of other Chromium-based browsers—like Edge, Opera, and Brave—can expect similar updates in the near future.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
Login
