Google on Monday announced a fresh Chrome update that resolves a high-severity vulnerability for which an exploit exists in the wild.
Tracked as CVE-2025-6554, the bug is described as a type confusion in the open source V8 JavaScript and WebAssembly engine.
A strain of memory safety bugs, type confusion issues can be exploited to trigger unexpected software behavior, leading to crashes, remote code execution, and other types of attacks.
Successful exploitation of the new Chrome security defect could allow remote attackers to perform arbitrary read/write operations using crafted HTML pages, a NIST advisory reads.
“Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the internet giant notes in its advisory.
Google also notes that the vulnerability was reported on June 25 and that mitigations were rolled out the next day.
“This issue was mitigated on 2025-06-26 by a configuration change pushed out to Stable channel across all platforms,” the company said.
While Google has not provided details on the CVE or the observed exploit, its phrasing and the rushed fixes suggest that the bug has been exploited in the wild.
Furthermore, the internet giant credited Clement Lecigne of Google Threat Analysis Group (TAG) for reporting the issue. TAG researchers have uncovered multiple flaws exploited by commercial spyware vendors, including such security defects in the Chrome browser.
The latest Chrome iteration is now rolling out as versions 138.0.7204.96/.97 for Windows, versions 138.0.7204.92/.93 for macOS, and version 138.0.7204.96 for Linux. Users are advised to update their browsers as soon as possible.
This is the fourth Chrome vulnerability documented this year for which Google mentions the existence of an exploit, after CVE-2025-2783, CVE-2025-4664, and CVE-2025-5419.