Google Releases Security Updates for Chrome

Security update addresses an exploited high severity vulnerability in Google Chrome where an attacker could perform perform arbitrary read/write

Threat ID:: CC-4678
Threat Severity:: Medium
Published:: 1 July 2025 11:01 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses an exploited high severity vulnerability in Google Chrome where an attacker could perform perform arbitrary read/write

Affected platforms

The following platforms are known to be affected:

Google Chrome for Windows, macOS and Linux

All prior to 138.0.7204.96/.97 for Windows
All prior to 138.0.7204.92/.93 for Mac
All prior to 138.0.7204.96 for Linux

Threat details

Exploitation of CVE-2025-6554

Google is aware that an exploit for CVE-2025-6554 exists in the wild.

Introduction

Google has released updates to Chrome stable channels to address a high severity vulnerability. CVE-2025-6554 is a "type confusion" vulnerability in the V8 JavaScript browser engine. An attacker could exploit this vulnerability to perform arbitrary read/write by convincing a user to visit a malicious HTML page.

Google is aware that an exploit for CVE-2025-6554 exists in the wild.

Remediation advice

Affected organisations are encouraged to review the Stable Channel Update for Desktop release notes published on 30 June 2025 and apply the latest update.

Definitive source of threat updates

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html

CVE Vulnerabilities

Status Published

CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Last edited: 1 July 2025 11:01 am