Google Chrome Critical Security Update Fixes Active Exploit (CVE-2025-6554)

Summary
– Google released a Chrome security update to fix a zero-day vulnerability (CVE-2025-6554) actively exploited in the wild.
– The flaw is a type confusion issue in Chrome’s V8 engine, allowing attackers to execute arbitrary code via crafted HTML pages.
– Google suspects the exploit is used in targeted, possibly state-sponsored attacks, based on its discovery by Google's Threat Analysis Group.
– The fix is available in Chrome versions 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac, and 138.0.7204.96 for Linux.
– Users are urged to update immediately, while Chromium-based browsers like Edge and Opera are still awaiting patches.
Google Chrome users need to act immediately following the discovery of a critical security flaw being actively exploited by attackers. The tech giant has rolled out an emergency update to patch a zero-day vulnerability identified as CVE-2025-6554, which targets Chrome’s V8 JavaScript engine.
This high-severity flaw allows malicious actors to craft deceptive web pages that, when visited, could enable unauthorized code execution on a victim’s device. Attackers may gain the ability to read or modify sensitive data, and in worst-case scenarios, take complete control of affected systems. Google confirmed active exploitation in the wild, though specifics about the attacks remain undisclosed to prevent further abuse.
The vulnerability was reported internally by Google’s Threat Analysis Group (TAG), suggesting it may be linked to sophisticated, state-backed hacking campaigns. Similar zero-day flaws in Chrome’s V8 engine have previously been weaponized by advanced threat groups, including North Korean operatives targeting cryptocurrency firms.
The fix ships in Chrome 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, and 138.0.7204.96 for Linux. Users should verify their browser version and install the latest update immediately. While Chrome typically applies patches automatically, restarting the browser ensures the fix takes effect.
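For administrators checking more than one machine, the following added example (not part of the original article) compares reported Chrome versions against the per-platform fixed builds listed in the summary. The function names and the sample inventory are constructed for illustration, and the script assumes that any build numbered at or above the first fixed build for a platform carries the fix.

```python
import re

# First fixed Stable builds per platform, taken from the article.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def status(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one install."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised platform or unparsable version: review by hand
    # Assumption: builds at or above the first fixed build include the fix.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Return (host, status) for every host not confirmed patched."""
    results = []
    for host, platform, version_text in inventory:
        s = status(platform, version_text)
        if s != "patched":
            results.append((host, s))
    return results


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 138.0.7204.97"),
    ("ws-02", "windows", "138.0.7204.49"),
    ("mac-01", "mac", "138.0.7204.92"),
    ("lin-01", "linux", "Google Chrome 138.0.7204.92"),
    ("lin-02", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, s in audit(SAMPLE):
        print(f"{host}: {s}")
```

Note that build .92 counts as patched on macOS but not on Linux, so the check has to be made per platform rather than against a single number.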
Other browsers built on Chromium, such as Microsoft Edge and Opera, are expected to release their own updates soon. Until then, users of these platforms should exercise caution when browsing untrusted sites.
For those prioritizing security, enabling automatic updates and monitoring official advisories remains the best defense against emerging threats. Stay informed about critical vulnerabilities by subscribing to trusted cybersecurity alerts.
(Source: Help Net Security)