Google has addressed a critical security vulnerability in Chrome, identified as CVE-2025-6554, which allows remote attackers to execute malicious code. This flaw, resulting from type confusion in the V8 engine, can lead to unauthorized read/write operations via crafted HTML. Discovered by Clément Lecigne, it has been actively exploited, putting users at risk. Google has released updates for various operating systems, and users are advised to update their browsers promptly for protection against potential threats.
The NIST page describes it as: "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page."
A programming problem in the code could give a remote attacker the means to create a malicious web page designed to steal data, install malware, or take over your system.
The vulnerability has already been exploited in the wild, which means the bad guys are onto it and have used it to target unsuspecting Chrome users.
To update Chrome, open the browser, click the three-dot icon at the top, move to Help, and select About Chrome.
Collection
[
|
...
]