CVE-2025-6554

Published Jun 30, 2025

Last updated 14 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.

Description
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Google Chromium V8 Type Confusion Vulnerability
Exploit added on
Jul 2, 2025
Exploit action due
Jul 23, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

chrome-cve-admin@google.com
CWE-843

Social media

Hype score
Not currently trending
  1. CVE-2025-6554 marks the fifth actively exploited #Chrome Zero-Day patched by Google in 2025 https://t.co/iu1nF0Wm9p #securityaffairs #hacking

    @securityaffairs

    16 Jul 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ChromeやEdgeなどのJavaScriptエンジン「V8」に重大なゼロデイ(CVE-2025-6554) 既に悪用されているとCISAが認定。即時のアップデート推奨。 https://t.co/ohPlh29Jri

    @shampoo_101_

    14 Jul 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. nu11secur1ty: CVE-2025-6554 - Chromium 138.0.7204.96 Build & Exp... https://t.co/w4q0OrNqdQ

    @nu11secur1ty1

    14 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Google ChromeとMicrosoft Edgeが攻撃を受けている。最新のゼロデイ脆弱性(CVE-2025-6554)はグーグル自身の脅威分析グループ(TAG。Threat Analysis Group)によって発見され、「全ユーザ... #GoogleChrome #MicrosoftEdge https://t.co/

    @_8AS1_

    14 Jul 2025

    63 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 【セキュリティニュース】 Microsoft Edgeが5件の脆弱性を修正|CVE-2025-6554はすでに攻撃確認 https://t.co/7CQP77hhGd cybernote

    @BADBEAR112919

    13 Jul 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    13 Jul 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    12 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    11 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. ⚠️ Wait a moment — There's a Critical Vulnerability (CVE-2025-6554) You Need to Know A zero-day vulnerability in Chrome’s V8 engine (CVE-2025-6554) has been actively exploited in the wild. This type confusion flaw allows remote attackers to execute arbitrary read/write h

    @RoxyBrowser

    11 Jul 2025

    32 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    0 Quotes

  10. Google ChromeとMicrosoft Edgeが攻撃を受けている。最新のゼロデイ脆弱性(CVE-2025-6554)はグーグル自…… → このリストにあるChrome・Edgeの拡張機能をすぐに削除せよ https://t.co/n4JipzMsiH

    @forbesjapan

    11 Jul 2025

    18965 Impressions

    5 Retweets

    14 Likes

    19 Bookmarks

    0 Replies

    2 Quotes

  11. I just APT proofed Brave on a ryzen 8700g with pkey v8. CVE-2025-6554 variants in working chain now fail

    @AbcXyz03921267

    10 Jul 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Just noticed my Brave seems to not automatically (nor notify) about the chromium CVE-2025-6554 security update -at least for me 🤷‍♂️-, beware and update manually (brave://settings/help)!

    @m411k_

    10 Jul 2025

    159 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    9 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Immediate Action Required: Google Chrome Zero-Day Flaw Under Active Exploitation (CVE-2025-6554) https://t.co/yK9aIvqIeD

    @KevinLo49983937

    8 Jul 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ⚠️Actualización de seguridad de Grafana ❗CVE-2025-5959 ❗CVE-2025-6554 ❗CVE-2025-6191 ❗CVE-2025-6192 ➡️Más info: https://t.co/2S1ixNursX https://t.co/OSZYPAZotS

    @CERTpy

    8 Jul 2025

    118 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. #CybersecurityNEWS🔴👨💻👾 Vulnerabilidad Zero-Day en Google Chrome registrada como CVE-2025-6554, afecta al motor de JavaScript y WebAssembly (V8)  Ver más: https://t.co/Lpfsabwjta #ciberseguridad #DevelNews https://t.co/CJV7UNIkbA

    @develsecurity

    8 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Grafana Patches Chromium Bugs including a Zero-Day Exploited Grafana has released security updates to fix four high-severity vulnerabilities in the Chromium library used by its Image Renderer plugin and Synthetic Monitoring Agent. The most critical, CVE-2025-6554, is a type of h

    @dCypherIO

    8 Jul 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Grafana has released patches for four high-severity Chromium vulnerabilities, including CVE-2025-6554, a type confusion flaw exploited in the wild. Addresses remote code execution & memory issues in Image Renderer & Monitoring Agent. 🚨 #Cyber #Vulnerabi… https://t.co

    @TweetThreatNews

    7 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Microsoft Edgeに深刻な2件の脆弱性(CVE-2025-6554,CVE-2025-49713) #セキュリティ対策Lab #セキュリティ #Security https://t.co/1NCCAPW9Ia

    @securityLab_jp

    6 Jul 2025

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 📌 Google releases emergency Chrome update to fix zero-day vulnerability CVE-2025-6554. Restart your browser now. #CyberSecurity #ZeroDay https://t.co/QH25w3OWj0 https://t.co/AWIDrdQm7E

    @CyberHub_blog

    6 Jul 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CVE-2025-6554 (0day in V8) My version PoC https://t.co/JDGAjKPXOE

    @windz3r0day

    6 Jul 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    6 Jul 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. 🚨URGENT: Chrome Zero-Day, CVE-2025-6554, Actively Exploited A critical type confusion vulnerability was discovered in Chrome’s V8 JavaScript engine (versions prior to 138.0.7204.96). This flaw allows arbitrary memory read/write via specially crafted HTML, potentially leadi

    @datareaper3319

    6 Jul 2025

    124 Impressions

    1 Retweet

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 July 4th Cyber Alert:🚨 In the last 48 hrs: 🛫 Qantas breach exposed 6M users via phone scam 🌐 Chrome zero-day patched (CVE-2025-6554) 🔐 Use MFA, update your browser, and don’t trust unknown calls. 📰 https://t.co/1nyCijJG8T #CyberSafety #SafeCyberSurfer

    @safecybersurfer

    6 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    6 Jul 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. גוגל משחררת עדכון לכרום הסוגר חולשה המנוצלת בפועל ע"י תוקפים בעולם (CVE-2025-6554) הגרסאות התקינות הן: - 138.0.7204.96/.97 for Windows - 138.0.7204.92/.93 for Mac - 138.0.7204.92 for Linux תודה לנתי

    @CyberIL

    5 Jul 2025

    223 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🚨 CVE-2025-6554 parchada en V8 de Chrome: si aún no has reiniciado, tú mismo abres la puerta al exploit. 😏 ¿Vas a esperar a ser el próximo bombardeado? #ZeroDay #ChromeUpdate https://t.co/3LuPph6dCv

    @gorkaelbochi

    5 Jul 2025

    7 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update Jul 01, 2025 https://t.co/m6elz1ac53

    @tdatwja

    5 Jul 2025

    194 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    5 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. 【セキュリティニュース】 Microsoft Edgeが5件の脆弱性を修正|CVE-2025-6554はすでに攻撃確認 https://t.co/7CQP77gJQF cybernote

    @BADBEAR112919

    5 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Chrome Zero-Day CVE-2025-6554 is currently being exploited. Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page I advise anyone running Chrome to update ASAP. https://t.co/a9yUOlmZs0

    @Neoviser

    5 Jul 2025

    70 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Chromeに深刻な脆弱性「CVE-2025-6554」 急ぎアップデートを:セキュリティニュースアラート - ITmedia エンタープライズ https://t.co/ivXQU4TaOb

    @Luke06121

    5 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    5 Jul 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  34. 🚨 ¡Alerta de seguridad crítica! Se ha reportado la vulnerabilidad CVE-2025-6554 con severidad CRÍTICA (9.1) y otra variante con bajo riesgo (2.3). 🔍 Evalúa tu exposición y actualiza sistemas. Compunet te ayuda a anticiparte. #Ciberseguridad #Vulnerabilidades #Compunet

    @CompunetChile

    4 Jul 2025

    31 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 【セキュリティニュース】 Microsoft Edgeが5件の脆弱性を修正|CVE-2025-6554はすでに攻撃確認 https://t.co/7CQP77hhGd cybernote

    @BADBEAR112919

    4 Jul 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Actively exploited CVE : CVE-2025-6554

    @transilienceai

    4 Jul 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. 📢Google ออกแพตช์แก้ไขช่องโหว่ CVE-2025-6554 บน Chrome #NCSA #CybersecurityNew สามารถติดตามข่าวสารได้ที่ https://t.co/HCsLrrYz4c https://t.co/vBWg6tFgbd

    @ThaiCERTByNCSA

    4 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Grafana security update: Critical severity security release for CVE-2025-5959, CVE-2025-6554, CVE-2025-6191 and CVE-2025-6192 in Grafana Image Renderer plugin and Synthetic Monitoring Agent https://t.co/uPsVTHqxWX #patchmanagement

    @eyalestrin

    4 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 The Cyber Intel Brief is live! 🚨 This week, suspected nation-state threat actors wasted no time exploiting a Chrome zero-day (CVE-2025-6554). Iranian cyber operations are escalating, AI-enhanced malware evasion techniques emerge and Scattered Spider is hitting aviation.

    @Authentic8

    3 Jul 2025

    116 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Top news this week: 🗞️ Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update 🗞️ Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover 🗞️ Over 260K exposed in St. Louis healthcare hack https://t.co/Q0fWNcWH

    @Blue_INK_Sec

    3 Jul 2025

    47 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Don’t use chrome… but if you do make sure to update it. Confirmed cases of nation-states using CVE-2025-6554 have surfaced

    @chrisfrazier0

    3 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🚨 Срочно обновите Chrome: обнаружена критическая уязвимость! 🛡 Google выпустила важное обновление Chrome версии 138.0.7204.49 — там закрыли сразу 11 уязвимостей, вкл

    @_netliner_

    3 Jul 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Microsoft Edgeが5件の脆弱性を修正|CVE-2025-6554はすでに攻撃確認 #cybernote #ブログ仲間と繋がりたい #Webライター https://t.co/FDjTvl3XxD

    @CyberNote_media

    3 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Important security update: @opera , @operagxofficial, Opera Air, and Opera for Android have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-6554. Update now to the latest versions: Opera One (120.0.5543.38) Opera GX (119.0.5497.163) Opera ht

    @Opera_Security

    3 Jul 2025

    108 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🚨 ¡Alerta crítica en Chrome y navegadores Chromium! 🛡️ Actualiza ahora para evitar ataques con la vulnerabilidad CVE-2025-6554. #Ciberseguridad #Chrome #Actualización #OKSAP #oksapelias #IA https://t.co/TUgzJJPZNd

    @oksap_spain

    3 Jul 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available https://t.co/ZVAJ5WsooV

    @samilaiho

    3 Jul 2025

    996 Impressions

    3 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  47. An exploit for CVE-2025-6554 exists in the wild #Chrome https://t.co/MuFV0BkpiK

    @blackorbird

    3 Jul 2025

    1957 Impressions

    1 Retweet

    9 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  48. حتما گوگل کرومتون رو آپدیت کنید! یه باگ خطرناک (CVE-2025-6554) توی کروم پیدا شده که باعث میشه هکر فقط با باز کردن یه سایت آلوده بتونه هر کدی دلش خواست روی سیستمتون

    @awmiriiw

    3 Jul 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 2025-07-02 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― CVE-2025-6554 POC.js · GitHub https://t.co/UlzJOc55Yw https://t.co/Nz3F9lmDtJ

    @motikan2010

    3 Jul 2025

    267 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  50. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-6554 #Google Chromium V8 Type Confusion Vulnerability https://t.co/t0c8SOyDoO

    @ScyScan

    2 Jul 2025

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations