Google has released emergency updates to patch the fourth actively exploited Chrome zero-day vulnerability of 2025. The browser vendor confirmed that an exploit for CVE-2025-6554 exists in the wild and mitigated it on June 26, 2025.
The security update was made available globally on July 2, 2025, for Windows (138.0.7204.96/.97), Mac (138.0.7204.92/.93), and Linux users. The bug, discovered by Google’s Threat Analysis Group (TAG), is a type confusion weakness in the Chrome V8 JavaScript engine.
Google TAG frequently detects zero-day exploits deployed by government-sponsored threat actors to infect high-risk individuals with spyware. Although the update may take days or weeks to reach all users, it was immediately available when checked by BleepingComputer.
This is the fourth actively exploited Google Chrome zero-day fixed since January 2025, following three other patches in March, May, and June. The company has yet to share technical details about these attacks, citing restrictions due to the vulnerability’s potential impact on third-party libraries.
Source: https://www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025