Chrome 138 Update Patches Zero-Day Vulnerability

Chrome 138 Update Patches Zero-Day Vulnerability

Posted on By CWS

Google on Monday introduced a contemporary Chrome replace that resolves a high-severity vulnerability for which an exploit exists within the wild.

Tracked as CVE-2025-6554, the bug is described as a sort confusion within the open supply V8 JavaScript and WebAssembly engine.

A pressure of reminiscence security bugs, sort confusion points could be exploited to set off sudden software program conduct, resulting in crashes, distant code execution, and different sorts of assaults.

Profitable exploitation of the brand new Chrome safety defect may permit distant attackers to carry out arbitrary learn/write operations utilizing crafted HTML pages, a NIST advisory reads.

“Google is conscious that an exploit for CVE-2025-6554 exists within the wild,” the web large notes in its advisory.

Google additionally notes that the vulnerability was reported on June 25 and that mitigations have been rolled out the subsequent day.

“This problem was mitigated on 2025-06-26 by a configuration change pushed out to Steady channel throughout all platforms,” the corporate mentioned.

Whereas Google has not supplied particulars on the CVE or the noticed exploit, its phrasing and the rushed fixes counsel that the bug has been exploited within the wild.Commercial. Scroll to proceed studying.

Moreover, the web large credited Clement Lecigne of Google Risk Evaluation Group (TAG) for reporting the difficulty. TAG researchers have uncovered a number of flaws exploited by business adware distributors, together with such safety defects within the Chrome browser.

The newest Chrome iteration is now rolling out as variations 138.0.7204.96/.97 for Home windows, variations 138.0.7204.92/.93 for macOS, and model 138.0.7204.96 for Linux. Customers are suggested to replace their browsers as quickly as doable.

That is the fourth Chrome vulnerability documented this 12 months for which Google mentions the existence of an exploit, after CVE-2025-2783, CVE-2025-4664, and CVE-2025-5419.

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , , ,

Related Posts

Wiz Enhances Google Cloud’s Security in B Acquisition Wiz Enhances Google Cloud’s Security in $32B Acquisition Security Week News
Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks Security Week News
Triad Nexus Maneuvers Around Sanctions to Sustain Cybercrime Triad Nexus Maneuvers Around Sanctions to Sustain Cybercrime Security Week News
US Experts Jailed for Ransomware Conspiracy Involvement US Experts Jailed for Ransomware Conspiracy Involvement Security Week News
Data Breach by Over 300 Chrome Extensions Uncovered Data Breach by Over 300 Chrome Extensions Uncovered Security Week News
Webinar: Safeguarding Identity in AI and Automation Webinar: Safeguarding Identity in AI and Automation Security Week News