ADVISORY—Google Chrome Zero-Day Vulnerability (CVE-2025-6554)

Google has released a security update addressing a zero-day vulnerability in the Chrome browser that is currently being actively exploited in the wild.

Vulnerability overview

The flaw, tracked as CVE-2025-6554, is a type confusion vulnerability in Chrome's V8 JavaScript and WebAssembly engine. This issue could allow a remote attacker to execute arbitrary code by luring users to a specially crafted website. Such vulnerabilities are highly dangerous, particularly when exploited prior to public disclosure, and pose a serious risk to individuals and organizations alike.

Why this matters

Zero-day vulnerabilities are often used in highly targeted attacks before a fix is widely available. This is Chrome’s fourth zero-day this year, highlighting the increasing frequency of browser-based threats.

Action Required

 Google has already pushed a fix to the Stable channel. Users are strongly advised to:

• Update Chrome immediately to the latest version:
  • Windows: 138.0.7204.96/.97
  • macOS: 138.0.7204.92/.93
  • Linux: 138.0.7204.96
• To update: Navigate to Settings > Help > About Google Chrome to trigger the update.

For enterprises and IT teams:

• Verify browser version compliance across endpoints
• Ensure auto-updates are enabled across managed environments
• Monitor for unusual browser behavior, especially on high-value assets

Note: Other Chromium-based browsers (e.g., Microsoft Edge, Brave, Opera, Vivaldi) may also be affected and should be updated accordingly when patches are available.

If you’re concerned that your IT team lacks complete visibility, contact us to learn how our AI-powered exposure management platform can help. Contact us today.