CVE-2025-6554

Published Jun 30, 2025

Last updated 2 days ago

Google Chrome V8

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.

Description
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Received

Weaknesses

chrome-cve-admin@google.com
CWE-843

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

59

  1. ⚡️ 0-Day Alert - Google Chrome exploit in the wild CVE-2025-6554: TheHole leak Patched in Chrome Stable channel 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac and 138.0.7204.92 for Linux https://t.co/Mm0OZxBjUh

    @zerodaytraining

    2 Jul 2025

    2 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. https://t.co/au5G6L5oUt

    @NowDecoded

    2 Jul 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Chrome V8 engine has a zero-day vulnerability (CVE-2025-6554) that allows remote code execution through crafted webpages. The PoC code is public, enabling attacks like "watering hole" or phishing. Users are urged to upgrade to the latest Chrome version to avoid asset losses.

    @kejijim_agent

    2 Jul 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Google、Chromeのゼロデイ脆弱性「CVE-2025-6554」を緊急修正–ただちにアップデートを https://t.co/sFnfnfWAm2 #izumino_trend

    @sec_trend

    2 Jul 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️Google、Chromeのゼロデイ脆弱性CVE-2025-6554に対するセキュリティアップデートを公開 🔨Linuxコマンド「sudo」におけるローカル権限昇格の脆弱性が修正される(CVE-2025-32462、CVE-2025-32463) 〜サイバーアラート

    @MachinaRecord

    2 Jul 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 谷歌推出 #Chrome 紧急安全更新 138.0.7204.97 等版本修复 CVE-2025-6554 漏洞,该漏洞已经遭到黑客的利用。此漏洞属于 v8 引擎中的类型混淆错误,黑客使用特制网页诱导用户访问即可远程在内存中执行任意读写操作,包

    @landiantech

    2 Jul 2025

    78 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 慢雾 CISO @im23pds 发推提醒 ChromeV8 引擎漏洞 CVE-2025-6554 允许攻击者通过精心构造的网页运行恶意代码,目前相关利用 PoC 已经公开,正在被利用,用户需注意升级,避免钓鱼攻击导致资产损失。 #蓝V互关 https://t.co/a

    @ethsvip

    2 Jul 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-6554: Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) https://t.co/Kc1iJpH7cV

    @ZeroDayFacts

    2 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 吴说获悉,慢雾 CISO @im23pds 发文提醒,Chrome V8 引擎近日曝出零日漏洞 CVE-2025-6554,该漏洞已被在野利用,允许攻击者通过精心构造的网页远程执行恶意代码。当前相关利用代码(PoC)已公开,攻击者可借此实施“

    @wublockchain12

    2 Jul 2025

    6216 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. آسیب‌پذیری فعال با شدت بالا: - اشکال Type confusion در V8 کرومیوم - گوگل کروم قبل از نسخه 138.0.7204.96 مهاجم می‌تونه از طریق یک صفحه HTML طراحی‌شده، دسترسی خواندن/نوشتن

    @YaserShahi

    1 Jul 2025

    7 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  11. CVE-2025-6554: Falla crítica en V8 de Chrome permite leer/escribir memoria. Ya fue explotada. Google la mitigó el 26 de junio. https://t.co/vX3u1TXRxD

    @CompunetChile

    1 Jul 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. ⚠️Vulnerabilidad en Google Chrome ❗CVE-2025-6554 ➡️Más info: https://t.co/FBeG9SyNp3 https://t.co/cMih1KB8TF

    @CERTpy

    1 Jul 2025

    280 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Google Patches Critical #ZeroDay Flaw in Chrome’s V8 Engine After Active Exploitation The zero-day #vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. https://t.co/Zj81YkVUgx

    @SecurityFoundry

    1 Jul 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Chrome Zero-Day Vulnerability (CVE-2025-6554)– Update Now! Google found CVE-2025-6554, a serious bug in Chrome’s V8 engine. Update Chrome immediately to stay safe. #CybersecurityNews #ChromeUpdate #ZeroDay #Big3Infosec https://t.co/X29m9VYKzT

    @big3infosec

    1 Jul 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Google patches 4th Chrome zero-day of 2025! CVE-2025-6554, a type confusion flaw in V8 engine, allowed attackers to exploit users via crafted web pages. Update Chrome now! Affects versions before 138.0.7204.96. #CyberSecurity #ZeroDay #GoogleChrome https://t.co/AACuqan53Q ht

    @Empist

    1 Jul 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-6554: Google Patches Actively Exploited Chrome Zero-Day #ChromeUpdate #ZeroDayExploit #CVE20256554 #CyberSecurity #BrowserSecurity #GooglePatch #InfoSec #VulnerabilityAlert #UpdateNow https://t.co/hyjZPvbuEC

    @cyashadotcom

    1 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 A new Chrome zero-day is already being exploited in the wild. Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page. It targets Chrome’s V8 engine—again.njv https://t.co/gaz4D2Tlgx

    @isisathio

    1 Jul 2025

    6 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Une nouvelle faille zero-day affecte Google Chrome (CVE-2025-6554) ! Cette vulnérabilité critique, située dans le moteur JavaScript V8, est déjà exploitée dans la nature. https://t.co/pDAAyimWn2 #cybersecurite #Infosec #zeroday #googlechrome #CVE2025 https://t.co/pD

    @ITConnect_fr

    1 Jul 2025

    1074 Impressions

    11 Retweets

    12 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  19. Google、2025年4番目の積極的に悪用されるChromeゼロデイを修正 ・ CVE-2025-6554:Chrome V8 JavaScriptエンジンのタイプ混同脆弱性 ・ 高重要度の脆弱性で、攻撃者が任意のコードを実行する可能性 ・ Googleが6月26日に緊

    @taksasDESUYO

    1 Jul 2025

    314 Impressions

    0 Retweets

    12 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Chrome 138 Update Patches Zero-Day Vulnerability Google has patched a high-severity Chrome vulnerability, CVE-2025-6554, a type confusion flaw in the V8 JavaScript engine, actively exploited in the wild. The bug, reported on June 25 by Clement Lecigne of Google’s Threat Analys

    @dCypherIO

    1 Jul 2025

    89 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  21. Google has released emergency updates for a Chrome zero-day vulnerability (CVE-2025-6554) exploited in attacks, marking the fourth flaw fixed this year, targeting high-risk individuals with spyware. #Security #Google https://t.co/UiSKnMcIwp

    @Strivehawk

    1 Jul 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Google just patched a critical zero-day in Chrome’s V8 engine — CVE-2025-6554, actively exploited in the wild. A type confusion bug lets attackers leak V8's internal TheHole value via optional chaining + TDZ — opening doors to memory corruption & RCE https://t.co/u05S

    @AbbasMohieddin

    1 Jul 2025

    14 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 Chrome 0-Day Exploited in the Wild – Patch Now! CVE-2025-6554 lets attackers run code via Chrome’s V8 engine 🔄 Update to the latest version via Settings > About Chrome ASAP 📖 Read more: https://t.co/0av1Kw7Ig3 #CyberSecurity #ChromeUpdate #Infosec #PatchNow #G

    @techpio_team

    1 Jul 2025

    83 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 📌 قامت جوجل بإصدار تحديثات أمنية لمعالجة ثغرة حرجة في متصفح كروم يُستغل حاليًا. تُعرف الثغرة، المسماة CVE-2025-6554، بأنها خلل من نوع "التشويش على النوع" في محر

    @Cybercachear

    1 Jul 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨Chrome Zero-day Alert: PATCH NOW‼️ Google has patched a critical zero-day vulnerability in Chrome, identified as CVE-2025-6554, which was actively exploited in the wild. The flaw is a type confusion issue in the V8 JavaScript and WebAssembly engine, allowing remote att

    @H4ckmanac

    1 Jul 2025

    12959 Impressions

    42 Retweets

    67 Likes

    22 Bookmarks

    2 Replies

    2 Quotes

  26. 🚨 A new Chrome zero-day is already being exploited in the wild. Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page. It targets Chrome’s V8 engine—again. Update now → https://t.co/vgCUJURQQj

    @TheHackersNews

    1 Jul 2025

    25874 Impressions

    85 Retweets

    196 Likes

    39 Bookmarks

    2 Replies

    11 Quotes

  27. Google has released a Chrome update to patch CVE-2025-6554, a critical flaw in the V8 engine allowing remote code execution. This is the fourth actively exploited Chrome vulnerability. Stay protected. 🚨 #SecurityUpdate #BrowserSafety #US https://t.co/gKIcc1K4Wg

    @TweetThreatNews

    1 Jul 2025

    133 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Leak hole PoC for Chrome in-the-wild vulnerability CVE-2025-6554 published yesterday: https://t.co/BYk7k8FAxL https://t.co/tZw8e1uIJh

    @DarkNavyOrg

    1 Jul 2025

    12886 Impressions

    39 Retweets

    127 Likes

    79 Bookmarks

    5 Replies

    1 Quote

  29. 🚨 CVE-2025-6554: High-severity type confusion vuln in Chrome V8 (pre-138.0.7204.96) allows arbitrary memory access via crafted HTML. Exploit detected in the wild — update now! #CyberSecurity #Vulmon https://t.co/fQuqQoDOjQ https://t.co/mWojqanR5i

    @vulmoncom

    1 Jul 2025

    829 Impressions

    1 Retweet

    5 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  30. Google Chrome 138.0.7204.96 / .97 korrigiert eine Sicherheitslücke (CVE-2025-6554) als Exploit Google Chrome hat gestern ein neues Update für den Chrome Browser bereitgestellt. Dabei handelt es s... https://t.co/iDHCsmrBn8

    @deskmodder

    1 Jul 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Google Issues Critical Chrome Update Amid Active Security Exploits. 🚨 Google just released an emergency Chrome update to fix a dangerous security flaw (CVE-2025-6554) actively being exploited in real-world attacks. 💻 The bug affects Chrome’s V8 JavaScript engine and cou

    @justtmd_com

    1 Jul 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Neon Security Patch 2025-001 has been issued to these platforms: dreamOS 3 beta 6 tabOS 3 beta 6 rubyOS Clover 3 beta 6 spatialOS 5 beta 6 This NSP fixes a very severe web exploit in the Apex browser: CVE-2025-6554 https://t.co/ggPP1ZpLkl

    @Neon_corp

    1 Jul 2025

    136 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. [NA][427663123][itw] High CVE-2025-6554: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2025-06-25. This issue was mitigated on 2025-06-26 by a configuration change pushed out to Stable channel across all platforms. https://t.co/Wdr7ozg4F

    @BugsAggregator

    1 Jul 2025

    832 Impressions

    1 Retweet

    6 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  34. The fix for Google Chrome V8 In-The-Wild Type Confusion vulnerability in interpreter bytecode generator (CVE-2025-6554 [427663123]): https://t.co/aaGjKIhv74 Further hardening: https://t.co/VWuiRND1yB

    @hosselot

    1 Jul 2025

    3253 Impressions

    11 Retweets

    43 Likes

    20 Bookmarks

    2 Replies

    0 Quotes

  35. CVE-2025-6554 Type Confusion Vulnerability in Google Chrome V8 Enables Arbitrary Memory Access https://t.co/x2iw524rcl

    @VulmonFeeds

    1 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. CVE-2025-6554 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security sever… https://t.co/AQLWUx0Qoc

    @CVEnew

    30 Jun 2025

    395 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes