Google has urgently released an update to its Stable channel for Chrome following the discovery of a high-severity zero-day vulnerability, CVE-2025-6554, that is already being exploited in the wild. The flaw, categorized as a type confusion vulnerability in the V8 JavaScript engine, represents a serious threat to users across Windows, macOS, and Linux platforms.
“Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company warns.
CVE-2025-6554 is a type confusion vulnerability in V8, the JavaScript engine at the core of Chrome's rendering engine. Discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025, the bug could allow attackers to execute arbitrary code by tricking the browser into misinterpreting memory types, an exploit method often used for remote code execution (RCE).
Zero-day vulnerabilities, especially those affecting browsers like Chrome, are prime targets for nation-state actors, advanced persistent threats (APTs), and financially motivated cybercriminals. Type confusion flaws in V8 have previously been leveraged for drive-by download attacks, sandbox escapes, and malicious payload delivery via seemingly harmless websites.
The patch was released under version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac, and 138.0.7204.96 for Linux, and is rolling out over the coming days and weeks. Due to the sensitive nature of the bug and its potential impact, full technical details remain restricted until the majority of users are protected.