Google has issued an urgent security update for Chrome browser users worldwide, addressing a critical zero-day vulnerability that is actively being exploited by cybercriminals. Recognizing the severity and active exploitation of the flaw, Google implemented an immediate mitigation measure on June 26, 2025, through a configuration change pushed to all stable channel users across all platforms.
The high-severity flaw, designated CVE-2025-6554, allows attackers to execute arbitrary code on affected systems through a type confusion vulnerability in Chrome’s V8 JavaScript engine. The vulnerability was discovered and reported by Clément Lecigne, a security researcher from Google’s elite Threat Analysis Group, on June 25, 2025.
The stable channel update brings Chrome to version 138.0.7204.96/.97 for Windows users, 138.0.7204.92/.93 for Mac systems, and 138.0.7204.96 for Linux platforms. Google’s security team has confirmed that exploits targeting CVE-2025-6554 are circulating in the wild, making this update particularly urgent.
The type confusion flaw in V8, Chrome’s JavaScript and WebAssembly engine, creates opportunities for malicious actors to manipulate memory allocation and potentially gain unauthorized access to system resources. The company’s acknowledgment of active exploitation indicates that cybercriminals have already weaponized this vulnerability, potentially targeting unsuspecting users through malicious websites or compromised web applications. Type confusion vulnerabilities are particularly dangerous because they can lead to memory corruption, allowing attackers to execute arbitrary code with the same privileges as the browser process. This emergency patch represents a swift response to a vulnerability that poses immediate risks to users’ digital security.
Chrome users should immediately check their browser version by navigating to Settings > About Chrome, which will automatically trigger an update check. Google continues to leverage advanced security technologies, including AddressSanitizer, MemorySanitizer, and libFuzzer, to detect and prevent similar vulnerabilities from reaching production releases. The browser will download and install the security patch automatically, requiring only a browser restart to complete the process.
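
For administrators checking many machines rather than one browser, the version check above can be run against an inventory export. The following is an added example, not code from Google or from the original article: the inventory layout, hostnames and sample versions are constructed, and using the lower build of each pair as the threshold is an assumption.

```python
import re

# Fixed builds per platform, taken from the article's version list.
# Assumption: the lower build of each ".96/.97"-style pair is the threshold.
PATCHED = {
    "windows": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version, e.g. from 'Google Chrome 138.0.7204.97'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_patched(platform, version_text):
    """True when the reported version is at or above the fixed build.
    Tuples compare numerically, so .100 correctly sorts above .96."""
    return parse_version(version_text) >= PATCHED[platform.lower()]

def audit(inventory):
    """Return the (host, platform, version) rows that still need the update.
    Unparseable versions and unknown platforms are flagged, not skipped."""
    findings = []
    for host, platform, version_text in inventory:
        try:
            ok = is_patched(platform, version_text)
        except (ValueError, KeyError):
            ok = False
        if not ok:
            findings.append((host, platform, version_text))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 138.0.7204.97"),
    ("ws-02", "windows", "138.0.7204.49"),
    ("mb-01", "mac", "Google Chrome 138.0.7204.93"),
    ("lx-01", "linux", "Google Chrome 137.0.7000.1"),
    ("lx-02", "linux", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("needs update:", *row)
```

A host that has downloaded the update but not yet restarted the browser may still be running the old build, so the version should be read from the running browser where possible.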
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Jul 2025 02:45:20 +0000