Emergency Security Update Released by Google to Address Critical Chrome Zero-Day Vulnerability
Google has rolled out an emergency security update for Chrome to address a critical zero-day vulnerability, identified as CVE-2025-6554, which is being actively exploited.
The vulnerability is a high-severity type confusion flaw located in Chrome’s V8 JavaScript engine. This flaw allows remote attackers to perform arbitrary read/write operations via specially crafted HTML pages.
This vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group. It has a CVSS score of 8.1 and is the fourth actively exploited Chrome zero-day of 2025.
Google’s Threat Analysis Group frequently uncovers exploits used by state-sponsored threat actors. These attacks are often targeted at high-risk individuals, including politicians, dissidents, and journalists.
Immediate Update Recommended
Users are strongly advised to immediately update to the following Chrome versions:
- 138.0.7204.96/.97 for Windows
- 138.0.7204.92/.93 for macOS
- 138.0.7204.96 for Linux
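To check a fleet against the builds listed above, the following added example (not from Google or the original article) flags hosts whose reported Chrome version is below the fixed build for their platform. The inventory format, host names and sample versions are constructed, and the comparison assumes stable-channel builds, where a higher four-part version includes the fix.

```python
import re

# Lowest fixed stable build per platform, taken from the list above.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "macos": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed inventory rows (host,platform,reported version); not real data.
SAMPLE = """\
ws-001,windows,Google Chrome 138.0.7204.97
ws-002,windows,Google Chrome 138.0.7204.49
mac-010,macos,Google Chrome 138.0.7204.92
lnx-003,linux,Google Chrome 137.0.7151.10
lnx-004,linux,Google Chrome (version not reported)
"""

def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(platform, version_text):
    """True/False against the fixed build; None if platform or version is unknown."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Assumption: on the stable channel a higher version includes the fix.
    return version >= fixed

def audit(inventory):
    """Return (host, status) for each host that is outdated or cannot be judged."""
    findings = []
    for line in inventory.splitlines():
        parts = line.split(",", 2)
        if len(parts) != 3:
            continue  # skip blank or malformed rows
        host, platform, version_text = parts
        verdict = is_patched(platform, version_text)
        if verdict is None:
            findings.append((host, "unknown"))
        elif not verdict:
            findings.append((host, "outdated"))
    return findings

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need manual review rather than being treated as patched.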
The company initially mitigated the issue on June 26, 2025, through a configuration change. However, the full patch is now available for users.
Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as they become available.
Source: The Hacker News