Google Patches Two High-Severity V8 Vulnerabilities (CVE-2025-8010, CVE-2025-8011) in Chrome

Google has released a new Stable Channel Update for Chrome Desktop, bringing the browser to version 138.0.7204.168/.169 for Windows and macOS, and 138.0.7204.168 for Linux. The update is rolling out gradually over the coming days and weeks, and it includes three security fixes, two of which address high-severity vulnerabilities in Chrome’s JavaScript engine, V8.

The most notable vulnerabilities fixed in this release are:

• CVE-2025-8010 – Type Confusion in V8
  Discovered and reported by Shaheen Fazim on July 9, 2025, this vulnerability earned a $8,000 bounty. Type confusion vulnerabilities in V8 can lead to memory corruption, potentially allowing arbitrary code execution in the context of the browser.
• CVE-2025-8011 – Type Confusion in V8
  Also reported by Shaheen Fazim on the same day, this second flaw was assigned a high severity rating, though technical details and bounty amounts are currently TBD.

While the exact technical specifics are not yet public, Google often keeps bug details private until the majority of users have updated. This helps to limit the window of opportunity for threat actors who might exploit the flaws in active campaigns.

Type confusion vulnerabilities occur when a program misinterprets the type of an object during execution. In JavaScript engines like V8, this can allow attackers to manipulate memory structures, escape the browser sandbox, or even execute arbitrary native code.

Given Chrome’s widespread use, vulnerabilities in V8 are a prime target for attackers, particularly in exploit chains used in zero-day attacks.

Related Posts:

• Chrome Update Alert: Two High-Severity Flaws Patched – Update Now to Stay Safe!
• Chrome 137 Released: Fixes High-Severity Use-After-Free & V8 Bugs
• Google Patches Actively Exploited Chrome Zero-Day: CVE-2025-6554
• Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available
• Windows 11 CPU Confusion: Microsoft Restores 8th-10th Gen Intel Support

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy