Google has issued an urgent security update for Chrome browser users worldwide, addressing a critical zero-day vulnerability that’s actively being exploited by cybercriminals.
The high-severity flaw, designated CVE-2025-6554, allows attackers to execute arbitrary code on affected systems through a type confusion vulnerability in Chrome’s V8 JavaScript engine.
Key Points
1. CVE-2025-6554, a high-severity type confusion in Chrome’s V8 engine, allows arbitrary code execution and is actively exploited.
2. Chrome updated to 138.0.7204.96/.97 (Windows), 138.0.7204.92/.93 (Mac), and 138.0.7204.96 (Linux) to fix the issue.
3. Google confirms cybercriminals are exploiting this vulnerability in the wild.
4. A mitigation was applied on June 26, 2025, but the full patch requires the latest update.
5. Update Chrome via Settings > About Chrome immediately to secure your system.
The stable channel update brings Chrome to version 138.0.7204.96/.97 for Windows users, 138.0.7204.92/.93 for Mac systems, and 138.0.7204.96 for Linux platforms. The rollout is happening gradually over the coming days and weeks to ensure system stability across Google’s vast user base.
This emergency patch represents a swift response to a vulnerability that poses immediate risks to users’ digital security.
The type confusion flaw in V8, Chrome’s JavaScript and WebAssembly engine, creates opportunities for malicious actors to manipulate memory allocation and potentially gain unauthorized access to system resources.
The vulnerability was discovered and reported by Clément Lecigne, a security researcher from Google’s elite Threat Analysis Group, on June 25, 2025. This internal discovery highlights the ongoing security monitoring efforts within Google’s infrastructure.
Recognizing the severity and active exploitation of the flaw, Google implemented an immediate mitigation measure on June 26, 2025, through a configuration change pushed to all stable channel users across all platforms.
However, this temporary mitigation serves only as a stopgap measure. The complete fix requires users to update their browsers to the latest version to ensure full protection against potential attacks.
Active Exploitation Confirmed
Google’s security team has confirmed that exploits targeting CVE-2025-6554 are circulating in the wild, making this update particularly urgent.
The company’s acknowledgment of active exploitation indicates that cybercriminals have already weaponized this vulnerability, potentially targeting unsuspecting users through malicious websites or compromised web applications.
Type confusion vulnerabilities are particularly dangerous because they can lead to memory corruption, allowing attackers to execute arbitrary code with the same privileges as the browser process. This could potentially lead to system compromise, data theft, or the installation of malware.
Chrome users should immediately check their browser version by navigating to Settings > About Chrome, which will automatically trigger an update check. The browser will download and install the security patch automatically, requiring only a browser restart to complete the process.
Organizations using Chrome in enterprise environments should prioritize this update across their networks. The combination of confirmed active exploitation and the high-severity rating makes this patch deployment critical for maintaining organizational cybersecurity posture.
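An added example, not part of the original article and not Google's code: a Python check that sorts a fleet inventory into patched, vulnerable and unknown hosts using the fixed builds listed above. The `host,platform,version` layout, the host names and the sample versions are constructed, and treating the lower of the two listed builds as the per-platform minimum is an assumption.

```python
# Minimum fixed Stable builds per platform, taken from the article
# (assumption: the lower of the two listed builds is the minimum).
FIXED = {
    "windows": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    minimum = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuple comparison is numeric per component, so .100 sorts above .96
    # (a plain string comparison would get this wrong).
    return "patched" if version >= minimum else "vulnerable"

def audit(inventory_csv):
    """inventory_csv: lines of 'host,platform,version'. Returns {status: [hosts]}."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            report["unknown"].append(line.strip())
            continue
        host, platform, version = fields
        report[classify(platform, version)].append(host)
    return report

# Constructed sample inventory (hosts and versions are illustrative only).
SAMPLE = """
ws-001,windows,138.0.7204.97
ws-002,windows,138.0.7204.50
ws-003,windows,138.0.7204.100
mac-001,mac,138.0.7204.92
mac-002,mac,137.0.0.1
lnx-001,linux,138.0.7204.96
lnx-002,linux,138.0.7204
kiosk-1,chromeos,138.0.7204.96
"""

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

A host reported as patched has the fixed build installed; as the article notes, the browser still needs a restart before the update takes effect.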
Google continues to leverage advanced security technologies, including AddressSanitizer, MemorySanitizer, and libFuzzer, to detect and prevent similar vulnerabilities from reaching production releases.