SOCRadar® Cyber Intelligence Inc. | CVE-2025-6554: Chrome’s New Zero-Day Under Active Exploitation
Jul 02, 2025

CVE-2025-6554: Chrome’s New Zero-Day Under Active Exploitation

A high-severity security flaw in Google Chrome is under active exploitation, prompting an urgent response. Identified as CVE-2025-6554, this zero-day vulnerability impacts Chrome’s V8 JavaScript engine and has been exploited in real-world attacks. Here’s what this means, who’s at risk, and how you can stay protected.

What Is CVE-2025-6554?

CVE-2025-6554 (CVSS 8.1) is a type confusion vulnerability located in Chrome’s V8 engine, which is the component responsible for executing JavaScript and WebAssembly.

Type confusion in V8 in Google Chrome: CVE-2025-6554 (SOCRadar Vulnerability Intelligence)

Type confusion arises when a program accesses an object or memory region as a type that is incompatible with the type it was created as, so the code misinterprets the underlying memory and behaves in unintended ways. In this case, attackers can serve maliciously crafted HTML pages that abuse the flaw to perform arbitrary read and write operations.

In practical terms, successful exploitation could enable a remote attacker to execute arbitrary code on the victim’s machine, potentially leading to full system compromise if combined with other techniques.

Which Platforms and Versions Are Affected?

The vulnerability affects all major desktop platforms running Chrome, including Windows, macOS, and Linux. Google has released patched versions across the Stable channel:

  • Windows: v138.0.7204.96/.97
  • macOS: v138.0.7204.92/.93
  • Linux: v138.0.7204.92

Google identified the flaw on June 25, 2025, and responded swiftly by rolling out a configuration-based mitigation across all platforms the following day.

Is CVE-2025-6554 Being Exploited?

Google confirmed that CVE-2025-6554 is being actively exploited in the wild. Technical details have not yet been disclosed; the discovery is credited to Clément Lecigne of Google’s Threat Analysis Group (TAG).

Given TAG’s track record of uncovering exploits used in state-sponsored espionage campaigns, including previous V8 vulnerabilities leveraged by North Korean actors against cryptocurrency targets, it is likely that CVE-2025-6554 is being used in similarly targeted and sophisticated attacks.

Why CVE-2025-6554 Signals a Serious Ongoing Threat

This marks the fourth actively exploited Chrome zero-day of the year, reflecting an ongoing trend in sophisticated, browser-based attacks. Chrome’s widespread use makes such vulnerabilities especially valuable to threat actors looking to compromise systems en masse or perform precision targeting with minimal user interaction.

Zero-day vulnerabilities in V8 are particularly dangerous due to their potential for Remote Code Execution (RCE), which is a common stepping stone in broader cyberattack campaigns.

What You Should Do

If you haven’t already updated your browser, do so immediately. Simply restarting Chrome may apply the patch if auto-updates are enabled. Otherwise, users can manually update to the latest Stable version via Chrome’s settings.
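For a managed fleet, the same check can be scripted against inventory data. The following is an added example, not code from Google or SOCRadar: it compares inventoried Chrome versions with the patched Stable builds listed above. The inventory layout (host, platform, version string), the hostnames and the sample versions are constructed, and it assumes any build numerically at or above the listed one includes the fix.

```python
import re

# Lowest patched Stable build per platform, from the list in this article.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "macos": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 92),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull a four-part version out of e.g. 'Google Chrome 138.0.7204.92'.
    Returns a tuple of ints, or None when no version is present."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def assess(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never count unparseable data as safe
    # Tuple comparison orders versions numerically, field by field.
    return "patched" if version >= fixed else "outdated"

def triage(inventory):
    """Group hostnames by status so outdated and unknown hosts stand out."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[assess(platform, version_text)].append(host)
    return report

# Constructed sample inventory (illustrative hosts and versions only).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 138.0.7204.97"),
    ("ws-002", "Windows", "138.0.7204.92"),  # below the Windows patched build
    ("mac-01", "macOS", "Google Chrome 138.0.7204.93"),
    ("lnx-01", "Linux", "Google Chrome 137.0.7151.100"),
    ("lnx-02", "Linux", "139.0.7258.5"),
    ("kiosk-9", "ChromeOS", "138.0.7204.92"),  # platform not in the list
    ("ws-003", "Windows", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need manual follow-up; the thresholds apply to Google Chrome only, not to other Chromium-based browsers, which use their own version numbering.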

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also stay alert – updates for those platforms are still rolling out.

For further details, refer to Google’s official security advisory.

Protect Your Organization from Exposure and Exploits with SOCRadar

Managing risk means knowing your full digital footprint and understanding the latest threats targeting your environment. SOCRadar’s Attack Surface Management (ASM) continuously discovers and monitors your exposed assets, helping you reduce blind spots before attackers find them.

Company Vulnerabilities & Vulnerable Assets (SOCRadar Attack Surface Management)

Paired with SOCRadar’s Cyber Threat Intelligence module, you gain timely, actionable insights on newly disclosed vulnerabilities and active exploit trends. This combination enables your security teams to:

  • Identify exposed and vulnerable assets in real time
  • Receive early alerts on critical CVEs and exploit activity
  • Prioritize patching based on real-world threat data
  • Improve response with threat actor profiling and contextual intelligence

Stay proactive and maintain control over your evolving risk landscape with SOCRadar’s integrated approach to External Attack Surface Management and Vulnerability Intelligence.