Google has released security updates for its Chrome browser to address a zero-day vulnerability for which an exploit exists in the wild. The vulnerability, CVE-2025-6554, is a type confusion flaw in the V8 JavaScript and WebAssembly engine that allows remote attackers to perform arbitrary read/write via a crafted HTML page.
Type confusion vulnerabilities can have severe consequences, including triggering unexpected software behavior, executing arbitrary code, and program crashes. As zero-day bugs are often exploited before fixes are available, these flaws can be used for malicious activities like installing spyware or launching drive-by downloads.
The vulnerability was discovered by Google’s Threat Analysis Group (TAG) on June 25, 2025, and a configuration change was implemented the next day to mitigate the issue. However, it’s still important for users to update their Chrome browser to the latest version to ensure security.
Google has not released additional details about the exploit or who may have used it, but it has warned that businesses and IT teams managing multiple endpoints should prioritize automatic patch management and monitor browser version compliance.
To protect against this potential threat, users are advised to update their Chrome browser to versions 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, and 138.0.7204.96 for Linux. Users of other Chromium-based browsers should also apply fixes as soon as they become available.
Source: https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html