Critical Chrome Update: Patching the Actively Exploited CVE-2025-6554 Vulnerability
TL;DR
Google has released an urgent update for Chrome to address a zero-day vulnerability, CVE-2025-6554, that allows attackers to exploit users visiting malicious websites. The vulnerability, discovered by Clément Lecigne of Google’s Threat Analysis Group, is a type confusion bug in the V8 JavaScript engine. Users are advised to update Chrome immediately to version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac, and 138.0.7204.96 for Linux.
Critical Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Google has released an update for its Chrome browser to patch an actively exploited vulnerability. This update is essential as it addresses a flaw that can be exploited simply by visiting a malicious website, requiring no further user interaction.
Details of the Update
The latest update brings the Stable channel to version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac, and 138.0.7204.96 for Linux. While Chrome is designed to update automatically, users who keep their browser open for extended periods or encounter issues with extensions may experience delays.
Manual Update Instructions
To manually update Chrome:
- Click on the three stacked dots in the upper-right corner.
- Navigate to Settings.
- Select About Chrome.
If an update is available, Chrome will notify you and begin downloading it. Once downloaded, simply reload Chrome to complete the update and protect your system from the vulnerability.
For more detailed instructions and version information, refer to our guide on how to update Chrome on every operating system.
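To check many machines against the fixed builds listed above rather than opening About Chrome on each one, the comparison can be scripted. The following is an added example, not code from Google or Malwarebytes. The inventory rows and host names are constructed, and it assumes the lower build of each listed pair is the minimum fixed Stable version.

```python
import re

# Minimum fixed Stable builds per platform, from the versions listed in this article.
# Assumption: the lower of each listed pair (e.g. .96 of .96/.97) is the minimum.
PATCHED = {
    "windows": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part version out of strings such as 'Google Chrome 138.0.7204.96'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome version in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(platform, version_text):
    """Compare numerically: as strings, '138.0.7204.100' would sort below '138.0.7204.96'."""
    return parse_version(version_text) >= PATCHED[platform.lower()]


def unpatched_hosts(inventory):
    """Return (host, reason) for every row that is below the fixed build or unreadable."""
    findings = []
    for host, platform, version_text in inventory:
        try:
            if not is_patched(platform, version_text):
                findings.append((host, f"{version_text.strip()} is below the fixed build"))
        except (ValueError, KeyError) as exc:
            # Unknown platform or unparseable version: report it rather than assume it is safe.
            findings.append((host, f"could not evaluate: {exc}"))
    return findings


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 138.0.7204.100"),
    ("ws-02", "Windows", "Google Chrome 138.0.7204.49"),
    ("mac-01", "Mac", "Google Chrome 138.0.7204.92"),
    ("lin-01", "Linux", "Google Chrome 137.0.7151.55"),
    ("lin-02", "Linux", "version unknown"),
]

if __name__ == "__main__":
    for host, reason in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
```

The table covers only the Stable channel builds named in this article; other channels use different version numbers and need their own entries.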
Technical Details on the Vulnerability
The vulnerability, tracked as CVE-2025-6554, is a type confusion bug in the V8 JavaScript engine used by Google Chrome. This flaw allows a remote attacker to perform arbitrary read/write operations via a crafted HTML page.
Understanding Type Confusion Bugs
A type confusion bug occurs when code does not verify the type of an object passed to it and then operates on that object as if it were a different type, so memory is read or written according to the wrong layout. In this case, the bug is in the V8 JavaScript engine, where it gives attackers a way to manipulate memory and compromise browser security.
Discovery and Reporting
Clément Lecigne of Google’s Threat Analysis Group (TAG) discovered and reported the flaw on June 25, 2025. The TAG focuses on identifying and mitigating threats from spyware and nation-state attackers who exploit zero-day vulnerabilities for espionage.
Protect Your Browser with Malwarebytes Browser Guard
At Malwarebytes, we don’t just report on browser vulnerabilities. Our Malwarebytes Browser Guard offers comprehensive protection against malicious websites, credit card skimmers, unwanted ads, and data breaches.
Conclusion
Protecting your browser from vulnerabilities is crucial for maintaining cybersecurity. By keeping Chrome updated and using tools like Malwarebytes Browser Guard, users can safeguard their systems from potential threats. Stay informed and proactive to ensure your digital safety.