Chrome 138 Update Patches Zero-Day Vulnerability

Chrome 138 Update Patches Zero-Day Vulnerability

Posted on By CWS

Google on Monday introduced a contemporary Chrome replace that resolves a high-severity vulnerability for which an exploit exists within the wild.

Tracked as CVE-2025-6554, the bug is described as a sort confusion within the open supply V8 JavaScript and WebAssembly engine.

A pressure of reminiscence security bugs, sort confusion points could be exploited to set off sudden software program conduct, resulting in crashes, distant code execution, and different sorts of assaults.

Profitable exploitation of the brand new Chrome safety defect may permit distant attackers to carry out arbitrary learn/write operations utilizing crafted HTML pages, a NIST advisory reads.

“Google is conscious that an exploit for CVE-2025-6554 exists within the wild,” the web large notes in its advisory.

Google additionally notes that the vulnerability was reported on June 25 and that mitigations have been rolled out the subsequent day.

“This problem was mitigated on 2025-06-26 by a configuration change pushed out to Steady channel throughout all platforms,” the corporate mentioned.

Whereas Google has not supplied particulars on the CVE or the noticed exploit, its phrasing and the rushed fixes counsel that the bug has been exploited within the wild.Commercial. Scroll to proceed studying.

Moreover, the web large credited Clement Lecigne of Google Risk Evaluation Group (TAG) for reporting the difficulty. TAG researchers have uncovered a number of flaws exploited by business adware distributors, together with such safety defects within the Chrome browser.

The newest Chrome iteration is now rolling out as variations 138.0.7204.96/.97 for Home windows, variations 138.0.7204.92/.93 for macOS, and model 138.0.7204.96 for Linux. Customers are suggested to replace their browsers as quickly as doable.

That is the fourth Chrome vulnerability documented this 12 months for which Google mentions the existence of an exploit, after CVE-2025-2783, CVE-2025-4664, and CVE-2025-5419.

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , , ,

Related Posts

Threat Actors Use SVG Smuggling for Browser-Native Redirection Threat Actors Use SVG Smuggling for Browser-Native Redirection Security Week News
CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary Security Week News
VMware Flaws That Earned Hackers 0,000 at Pwn2Own Patched VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched Security Week News
Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense Security Week News
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers Security Week News
MATLAB Maker MathWorks Recovering From Ransomware Attack MATLAB Maker MathWorks Recovering From Ransomware Attack Security Week News