Chrome 138 Update Patches Zero-Day Vulnerability

Chrome 138 Update Patches Zero-Day Vulnerability

Posted on By CWS

Google on Monday introduced a contemporary Chrome replace that resolves a high-severity vulnerability for which an exploit exists within the wild.

Tracked as CVE-2025-6554, the bug is described as a sort confusion within the open supply V8 JavaScript and WebAssembly engine.

A pressure of reminiscence security bugs, sort confusion points could be exploited to set off sudden software program conduct, resulting in crashes, distant code execution, and different sorts of assaults.

Profitable exploitation of the brand new Chrome safety defect may permit distant attackers to carry out arbitrary learn/write operations utilizing crafted HTML pages, a NIST advisory reads.

“Google is conscious that an exploit for CVE-2025-6554 exists within the wild,” the web large notes in its advisory.

Google additionally notes that the vulnerability was reported on June 25 and that mitigations have been rolled out the subsequent day.

“This problem was mitigated on 2025-06-26 by a configuration change pushed out to Steady channel throughout all platforms,” the corporate mentioned.

Whereas Google has not supplied particulars on the CVE or the noticed exploit, its phrasing and the rushed fixes counsel that the bug has been exploited within the wild.Commercial. Scroll to proceed studying.

Moreover, the web large credited Clement Lecigne of Google Risk Evaluation Group (TAG) for reporting the difficulty. TAG researchers have uncovered a number of flaws exploited by business adware distributors, together with such safety defects within the Chrome browser.

The newest Chrome iteration is now rolling out as variations 138.0.7204.96/.97 for Home windows, variations 138.0.7204.92/.93 for macOS, and model 138.0.7204.96 for Linux. Customers are suggested to replace their browsers as quickly as doable.

That is the fourth Chrome vulnerability documented this 12 months for which Google mentions the existence of an exploit, after CVE-2025-2783, CVE-2025-4664, and CVE-2025-5419.

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , , ,

Related Posts

Hackers Earn Over Million at Pwn2Own Berlin 2025 Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 Security Week News
Apple Updates macOS, iOS to Fix Numerous Security Flaws Apple Updates macOS, iOS to Fix Numerous Security Flaws Security Week News
CISA Warns of CWP Vulnerability Exploited in the Wild CISA Warns of CWP Vulnerability Exploited in the Wild Security Week News
Skoda Online Shop Faces Significant Data Breach Skoda Online Shop Faces Significant Data Breach Security Week News
Securonix Acquires Threat Intelligence Firm ThreatQuotient Securonix Acquires Threat Intelligence Firm ThreatQuotient Security Week News
Elastic Refutes Claims of Zero-Day in EDR Product Elastic Refutes Claims of Zero-Day in EDR Product Security Week News