Chrome 138 Update Patches Zero-Day Vulnerability

Chrome 138 Update Patches Zero-Day Vulnerability

Posted on By CWS

Google on Monday introduced a contemporary Chrome replace that resolves a high-severity vulnerability for which an exploit exists within the wild.

Tracked as CVE-2025-6554, the bug is described as a sort confusion within the open supply V8 JavaScript and WebAssembly engine.

A pressure of reminiscence security bugs, sort confusion points could be exploited to set off sudden software program conduct, resulting in crashes, distant code execution, and different sorts of assaults.

Profitable exploitation of the brand new Chrome safety defect may permit distant attackers to carry out arbitrary learn/write operations utilizing crafted HTML pages, a NIST advisory reads.

“Google is conscious that an exploit for CVE-2025-6554 exists within the wild,” the web large notes in its advisory.

Google additionally notes that the vulnerability was reported on June 25 and that mitigations have been rolled out the subsequent day.

“This problem was mitigated on 2025-06-26 by a configuration change pushed out to Steady channel throughout all platforms,” the corporate mentioned.

Whereas Google has not supplied particulars on the CVE or the noticed exploit, its phrasing and the rushed fixes counsel that the bug has been exploited within the wild.Commercial. Scroll to proceed studying.

Moreover, the web large credited Clement Lecigne of Google Risk Evaluation Group (TAG) for reporting the difficulty. TAG researchers have uncovered a number of flaws exploited by business adware distributors, together with such safety defects within the Chrome browser.

The newest Chrome iteration is now rolling out as variations 138.0.7204.96/.97 for Home windows, variations 138.0.7204.92/.93 for macOS, and model 138.0.7204.96 for Linux. Customers are suggested to replace their browsers as quickly as doable.

That is the fourth Chrome vulnerability documented this 12 months for which Google mentions the existence of an exploit, after CVE-2025-2783, CVE-2025-4664, and CVE-2025-5419.

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , , ,

Related Posts

Companies Warned of Commvault Vulnerability Exploitation Companies Warned of Commvault Vulnerability Exploitation Security Week News
Cyber Insights 2026: Threat Hunting in an Age of Automation and AI Cyber Insights 2026: Threat Hunting in an Age of Automation and AI Security Week News
China’s Salt Typhoon Hackers Target Canadian Telecom Firms China’s Salt Typhoon Hackers Target Canadian Telecom Firms Security Week News
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged British Man Suspected of Being the Hacker IntelBroker Arrested, Charged Security Week News
SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations Security Week News
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice Security Week News