CyberSecurityBoard
Sponsor Register Login

Google fixes fourth actively exploited Chrome zero-day of 2025

Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, with new versions rolling out worldwide to Windows (138.0.7204.96/.97), Mac (138.0.7204.92/.93), and Linux users (138.0.7204.96) one day after the issue was reported to Google. ​​​The bug was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG), a collective of security researchers focused on defending Google customers from state-sponsored and other similar attacks. Google TAG frequently discovers zero-day exploits deployed by government-sponsored threat actors in targeted attacks to infect high-risk individuals, including opposition politicians, dissidents, and journalists, with spyware. Google released another set of emergency security updates in May to address a Chrome zero-day (CVE-2025-4664) that can allow attackers to hijack accounts. In 2024, Google patched a total of 10 zero-day vulnerabilities that were either exploited in attacks or demoed during Pwn2Own hacking competitions. This is the fourth actively exploited Google Chrome zero-day fixed since the start of the year, with three more patched in March, May, and June. One month later, the company addressed an out-of-bounds read and write weakness in Chrome's V8 JavaScript engine discovered by Google TAG's Benoît Sevens and Clément Lecigne. Although the security updates patching CVE-2025-6554 could take days or weeks to reach all users, according to Google, they were immediately available when BleepingComputer checked for updates earlier today. Even though Google stated that this vulnerability was exploited in the wild, the company has yet to share technical details or additional information regarding these attacks. "Google is aware that an exploit for CVE-2025-6554 exists in the wild," the browser vendor said in a security advisoryissued on Monday. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," Google said. The first, a high-severity sandbox escape flaw (CVE-2025-2783) reported by Kaspersky's Boris Larin and Igor Kuznetsov, was used in espionage attacks targeting Russian government organizations and media outlets with malware.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 01 Jul 2025 11:00:17 +0000


Cyber News related to Google fixes fourth actively exploited Chrome zero-day of 2025

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Google fixes fourth actively exploited Chrome zero-day of 2025 - Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, ...
1 month ago Bleepingcomputer.com CVE-2025-4664
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834
Google fixes first actively exploited Chrome zero-day of 2024 - Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide ...
1 year ago Bleepingcomputer.com CVE-2024-0519 CVE-2023-7024 CVE-2023-6345 CVE-2023-5217 CVE-2023-4863 CVE-2023-3079 CVE-2023-4762 CVE-2023-2136 CVE-2023-2033
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-46747 CVE-2023-46748 CVE-2023-22515 APT29 Rocke BianLian
Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
1 year ago Bleepingcomputer.com CVE-2024-4947 CVE-2024-0519 CVE-2024-2887 CVE-2024-3159 CVE-2024-4671 CVE-2024-4761
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Google Chrome emergency update fixes 6th zero-day exploited in 2023 - Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. The company acknowledged the existence of an exploit for the security flaw in a new security ...
1 year ago Bleepingcomputer.com CVE-2023-6345
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
1 year ago Bleepingcomputer.com CVE-2024-22267 CVE-2024-22269 CVE-2024-22270
Microsoft fixes Windows zero-day exploited in QakBot malware attacks - Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the ...
1 year ago Bleepingcomputer.com CVE-2024-30051 CVE-2023-36033 RansomEXX Black Basta
newsletter Round 478 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-22515 APT29 BianLian
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
1 year ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
1 year ago Bleepingcomputer.com CVE-2024-30046
Google fixes actively exploited sandbox escape zero day in Chrome - The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially ...
3 weeks ago Bleepingcomputer.com CVE-2025-7656
Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 APT29 BianLian
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-49103 CVE-2023-22515 APT28 APT29 BianLian
Alert: New Chrome Zero-Day Vulnerability Being Exploited - Google, in light of recent events, has launched a critical update for a high-severity Chrome zero-day vulnerability. As per recent reports, Google claims that the vulnerability has been actively exploited. It's worth noting that the vulnerability ...
1 year ago Securityboulevard.com CVE-2023-7024 CVE-2023-2033 CVE-2023-2136 CVE-2023-3079 CVE-2023-4762 CVE-2023-6345

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)