Zero-day Vulnerability in Chrome Being Actively Exploited

Nam Anh Mai D.Nam Anh Mai D.
2 min read

Recently, Google released an emergency patch for a new zero-day vulnerability that hackers are actively exploiting.

Details

  • Vulnerability ID: CVE-2025-6554

  • CVSS(3.1) Score: 8.1

  • Severity Level: HIGH

  • Description: A type confusion error in Chrome's V8 engine allows remote attackers to exploit and execute arbitrary code through a malicious HTML file.

  • Affected Versions: All versions of Google Chrome before version 138.0.7204.96.

As reported by FPT Threat Intelligence in a previous security alert, the JavaScript Engine V8 acts as the brain processing JavaScript code in Google Chrome and other Chromium-based browsers like Brave, Chromium Edge, etc. When users open any webpage, the JavaScript code of that page is processed by V8 to make the page and its components function.

The CVE-2025-6554 vulnerability in the V8 engine due to a type confusion error allows remote attackers to read/write arbitrary memory on a victim's system through a malicious HTML page. Since V8 directly processes code from websites that users visit, hackers can exploit this process to take advantage of the vulnerability and infiltrate the victim's system.

CVE-2025-6554 also enables remote attackers to execute arbitrary code, inject malicious code into system processes, or further exploit the system when combined with other known serious security vulnerabilities like CVE-2025-5419. The fact that this vulnerability is being actively exploited in the wild increases its severity and the alarming situation it causes.

Recommendations & Mitigation

In its announcement, Google recommends users to:

  • Update Chrome browser to the latest version: Upgrade to version 138.0.7204.96/.97 for the stable version of Google Chrome on Windows, 138.0.7204.92/.93 for macOS, or version 138.0.7204.92 for Linux.

  • Avoid visiting unfamiliar websites: Besides updating to the latest software version, users should not visit unfamiliar links online. Do not download or install files or software from unknown sources.

  • Use security solutions: Install antivirus software, regularly back up data, or use advanced security solutions like 24/7 monitoring to ensure maximum system safety.

References

  1. NVD - CVE-2025-6554

  2. Chrome Releases: Stable Channel Update for Desktop

  3. New Serious Zero-day Vulnerability in Chrome Browser

0
Subscribe to my newsletter

Read articles from Nam Anh Mai D. directly inside your inbox. Subscribe to the newsletter, and don't miss out.

repostthreat intelligenceChromezero_day_vulnerability

Written by

Nam Anh Mai D.
Nam Anh Mai D.