Actively Exploited Zero-Day Vulnerability in Google Chrome’s V8 Engine (CVE-2025-6554)
July 3rd, 2025
Severity Level: Critical

Technical Details
CVE-ID: CVE-2025-6554.
Severity: Critical.
Affected Component: V8 JavaScript and WebAssembly Engine.
Affected Versions: Google Chrome versions prior to 138.0.7204.96.
Vulnerability Type: Type Confusion.
This vulnerability arises from improper handling of objects in the V8 engine, leading to type confusion where a program mistakenly treats one object type as another. An attacker can exploit this by tricking a user into visiting a specially crafted malicious web page. Once exploited, the flaw allows the attacker to perform arbitrary read and write operations in memory, potentially resulting in full remote code execution (RCE) within the Chrome browser. This means the attacker could access the user’s files, steal stored credentials, or even install additional malwares. The vulnerability was addressed the next day with a configuration update for the Chrome Stable channel, but the risk still remains for users who have not updated.
Our Cyber Threat Intelligence Unit has identified a critical zero-day vulnerability in Google Chrome browsers, tracked as CVE-2025-6554. This vulnerability, found in the V8 JavaScript and WebAssembly engine, allows attackers to perform arbitrary memory read/write operations through specially crafted HTML pages. Google confirmed that the vulnerability is being actively exploited in the wild, prompting an emergency patch release on June 30, 2025. The vulnerability can be exploited via a malicious website, requiring no user interaction beyond visiting the page.

Impact
Exploiting CVE-2025-6554 allows attackers to run arbitrary code in the Chrome browser, potentially gaining access to the user’s system and data.
It can be used to install spyware, steal sensitive information, or conduct additional attacks without user interaction.
Attackers may deliver the exploit via malicious websites or ads, making it suitable for drive-by download attacks.
Users can become infected simply by visiting a malicious or compromised website. No download or clicking is required.
Since this is a zero-day vulnerability, it presents a higher risk, especially before patches are applied.
If successfully exploited, this exploit results in complete compromise of the affected user's browser session and beyond.
The following versions of Google Chrome are vulnerable to CVE-2025-6544:
138.0.7204.95
138.0.7204.90
138.0.7203.x
Any Chrome version below the full version number: 138.0.7204.96
Detection Method
Use centralized IT management tools or software inventory systems to find endpoints running Chrome versions earlier than 138.0.7204.96.
Check system logs and browser activity for signs of unexpected crashes, high memory usage, or unusual network connections from Chrome processes.
Review browsing history and flag any interactions with suspicious or untrusted domains.
Watch for abnormal crashes in Chrome, especially those involving the V8 engine.
Indicators of Compromise
There are no Indicators of Compromise (IOCs) for this advisory.

Recommendations
To reduce the risk from CVE-2025-6554, the following common recommendations are suggested for both individual users and enterprise environments:
Update Chrome immediately to version 138.0.7204.96 or later on Windows/Linux and 138.0.7204.92 or later on macOS.
Restart the browser after updating to ensure the patch is applied.
Enable automatic updates to receive future security patches immediately.
Avoid visiting suspicious or untrusted websites, especially until all systems are confirmed to be patched.
Educate users about phishing and drive-by download risks, emphasizing caution with unknown links.
Enforce patch compliance across all endpoints using centralized management tools.
Monitor network traffic for anomalies and integrate with threat intelligence platforms to stay informed of emerging threats.
Conclusion
CVE-2025-6554 is a critical zero-day vulnerability in Google Chrome that has already been exploited in active attacks, possibly targeted ones. While Google has addressed the vulnerability through a configuration update, users must update Chrome immediately to minimize the risk of exploitation. Organizations should also strengthen monitoring and increase user awareness to defend against similar browser-based threats.