CVE-2025-6554
Published Jun 30, 2025
Last updated 2 days ago
AI description
CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.
- Description
- Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Received
- chrome-cve-admin@google.com
- CWE-843
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
59
⚡️ 0-Day Alert - Google Chrome exploit in the wild CVE-2025-6554: TheHole leak Patched in Chrome Stable channel 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac and 138.0.7204.92 for Linux https://t.co/Mm0OZxBjUh
@zerodaytraining
2 Jul 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. https://t.co/au5G6L5oUt
@NowDecoded
2 Jul 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome V8 engine has a zero-day vulnerability (CVE-2025-6554) that allows remote code execution through crafted webpages. The PoC code is public, enabling attacks like "watering hole" or phishing. Users are urged to upgrade to the latest Chrome version to avoid asset losses.
@kejijim_agent
2 Jul 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google、Chromeのゼロデイ脆弱性「CVE-2025-6554」を緊急修正–ただちにアップデートを https://t.co/sFnfnfWAm2 #izumino_trend
@sec_trend
2 Jul 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Google、Chromeのゼロデイ脆弱性CVE-2025-6554に対するセキュリティアップデートを公開 🔨Linuxコマンド「sudo」におけるローカル権限昇格の脆弱性が修正される(CVE-2025-32462、CVE-2025-32463) 〜サイバーアラート
@MachinaRecord
2 Jul 2025
113 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
谷歌推出 #Chrome 紧急安全更新 138.0.7204.97 等版本修复 CVE-2025-6554 漏洞,该漏洞已经遭到黑客的利用。此漏洞属于 v8 引擎中的类型混淆错误,黑客使用特制网页诱导用户访问即可远程在内存中执行任意读写操作,包
@landiantech
2 Jul 2025
78 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
慢雾 CISO @im23pds 发推提醒 ChromeV8 引擎漏洞 CVE-2025-6554 允许攻击者通过精心构造的网页运行恶意代码,目前相关利用 PoC 已经公开,正在被利用,用户需注意升级,避免钓鱼攻击导致资产损失。 #蓝V互关 https://t.co/a
@ethsvip
2 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6554: Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) https://t.co/Kc1iJpH7cV
@ZeroDayFacts
2 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
吴说获悉,慢雾 CISO @im23pds 发文提醒,Chrome V8 引擎近日曝出零日漏洞 CVE-2025-6554,该漏洞已被在野利用,允许攻击者通过精心构造的网页远程执行恶意代码。当前相关利用代码(PoC)已公开,攻击者可借此实施“
@wublockchain12
2 Jul 2025
6216 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
آسیبپذیری فعال با شدت بالا: - اشکال Type confusion در V8 کرومیوم - گوگل کروم قبل از نسخه 138.0.7204.96 مهاجم میتونه از طریق یک صفحه HTML طراحیشده، دسترسی خواندن/نوشتن
@YaserShahi
1 Jul 2025
7 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-6554: Falla crítica en V8 de Chrome permite leer/escribir memoria. Ya fue explotada. Google la mitigó el 26 de junio. https://t.co/vX3u1TXRxD
@CompunetChile
1 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidad en Google Chrome ❗CVE-2025-6554 ➡️Más info: https://t.co/FBeG9SyNp3 https://t.co/cMih1KB8TF
@CERTpy
1 Jul 2025
280 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Patches Critical #ZeroDay Flaw in Chrome’s V8 Engine After Active Exploitation The zero-day #vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. https://t.co/Zj81YkVUgx
@SecurityFoundry
1 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome Zero-Day Vulnerability (CVE-2025-6554)– Update Now! Google found CVE-2025-6554, a serious bug in Chrome’s V8 engine. Update Chrome immediately to stay safe. #CybersecurityNews #ChromeUpdate #ZeroDay #Big3Infosec https://t.co/X29m9VYKzT
@big3infosec
1 Jul 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Google patches 4th Chrome zero-day of 2025! CVE-2025-6554, a type confusion flaw in V8 engine, allowed attackers to exploit users via crafted web pages. Update Chrome now! Affects versions before 138.0.7204.96. #CyberSecurity #ZeroDay #GoogleChrome https://t.co/AACuqan53Q ht
@Empist
1 Jul 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6554: Google Patches Actively Exploited Chrome Zero-Day #ChromeUpdate #ZeroDayExploit #CVE20256554 #CyberSecurity #BrowserSecurity #GooglePatch #InfoSec #VulnerabilityAlert #UpdateNow https://t.co/hyjZPvbuEC
@cyashadotcom
1 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A new Chrome zero-day is already being exploited in the wild. Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page. It targets Chrome’s V8 engine—again.njv https://t.co/gaz4D2Tlgx
@isisathio
1 Jul 2025
6 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Une nouvelle faille zero-day affecte Google Chrome (CVE-2025-6554) ! Cette vulnérabilité critique, située dans le moteur JavaScript V8, est déjà exploitée dans la nature. https://t.co/pDAAyimWn2 #cybersecurite #Infosec #zeroday #googlechrome #CVE2025 https://t.co/pD
@ITConnect_fr
1 Jul 2025
1074 Impressions
11 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
Google、2025年4番目の積極的に悪用されるChromeゼロデイを修正 ・ CVE-2025-6554:Chrome V8 JavaScriptエンジンのタイプ混同脆弱性 ・ 高重要度の脆弱性で、攻撃者が任意のコードを実行する可能性 ・ Googleが6月26日に緊
@taksasDESUYO
1 Jul 2025
314 Impressions
0 Retweets
12 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome 138 Update Patches Zero-Day Vulnerability Google has patched a high-severity Chrome vulnerability, CVE-2025-6554, a type confusion flaw in the V8 JavaScript engine, actively exploited in the wild. The bug, reported on June 25 by Clement Lecigne of Google’s Threat Analys
@dCypherIO
1 Jul 2025
89 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Google has released emergency updates for a Chrome zero-day vulnerability (CVE-2025-6554) exploited in attacks, marking the fourth flaw fixed this year, targeting high-risk individuals with spyware. #Security #Google https://t.co/UiSKnMcIwp
@Strivehawk
1 Jul 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google just patched a critical zero-day in Chrome’s V8 engine — CVE-2025-6554, actively exploited in the wild. A type confusion bug lets attackers leak V8's internal TheHole value via optional chaining + TDZ — opening doors to memory corruption & RCE https://t.co/u05S
@AbbasMohieddin
1 Jul 2025
14 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Chrome 0-Day Exploited in the Wild – Patch Now! CVE-2025-6554 lets attackers run code via Chrome’s V8 engine 🔄 Update to the latest version via Settings > About Chrome ASAP 📖 Read more: https://t.co/0av1Kw7Ig3 #CyberSecurity #ChromeUpdate #Infosec #PatchNow #G
@techpio_team
1 Jul 2025
83 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 قامت جوجل بإصدار تحديثات أمنية لمعالجة ثغرة حرجة في متصفح كروم يُستغل حاليًا. تُعرف الثغرة، المسماة CVE-2025-6554، بأنها خلل من نوع "التشويش على النوع" في محر
@Cybercachear
1 Jul 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Chrome Zero-day Alert: PATCH NOW‼️ Google has patched a critical zero-day vulnerability in Chrome, identified as CVE-2025-6554, which was actively exploited in the wild. The flaw is a type confusion issue in the V8 JavaScript and WebAssembly engine, allowing remote att
@H4ckmanac
1 Jul 2025
12959 Impressions
42 Retweets
67 Likes
22 Bookmarks
2 Replies
2 Quotes
🚨 A new Chrome zero-day is already being exploited in the wild. Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page. It targets Chrome’s V8 engine—again. Update now → https://t.co/vgCUJURQQj
@TheHackersNews
1 Jul 2025
25874 Impressions
85 Retweets
196 Likes
39 Bookmarks
2 Replies
11 Quotes
Google has released a Chrome update to patch CVE-2025-6554, a critical flaw in the V8 engine allowing remote code execution. This is the fourth actively exploited Chrome vulnerability. Stay protected. 🚨 #SecurityUpdate #BrowserSafety #US https://t.co/gKIcc1K4Wg
@TweetThreatNews
1 Jul 2025
133 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Leak hole PoC for Chrome in-the-wild vulnerability CVE-2025-6554 published yesterday: https://t.co/BYk7k8FAxL https://t.co/tZw8e1uIJh
@DarkNavyOrg
1 Jul 2025
12886 Impressions
39 Retweets
127 Likes
79 Bookmarks
5 Replies
1 Quote
🚨 CVE-2025-6554: High-severity type confusion vuln in Chrome V8 (pre-138.0.7204.96) allows arbitrary memory access via crafted HTML. Exploit detected in the wild — update now! #CyberSecurity #Vulmon https://t.co/fQuqQoDOjQ https://t.co/mWojqanR5i
@vulmoncom
1 Jul 2025
829 Impressions
1 Retweet
5 Likes
2 Bookmarks
0 Replies
1 Quote
Google Chrome 138.0.7204.96 / .97 korrigiert eine Sicherheitslücke (CVE-2025-6554) als Exploit Google Chrome hat gestern ein neues Update für den Chrome Browser bereitgestellt. Dabei handelt es s... https://t.co/iDHCsmrBn8
@deskmodder
1 Jul 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Issues Critical Chrome Update Amid Active Security Exploits. 🚨 Google just released an emergency Chrome update to fix a dangerous security flaw (CVE-2025-6554) actively being exploited in real-world attacks. 💻 The bug affects Chrome’s V8 JavaScript engine and cou
@justtmd_com
1 Jul 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Neon Security Patch 2025-001 has been issued to these platforms: dreamOS 3 beta 6 tabOS 3 beta 6 rubyOS Clover 3 beta 6 spatialOS 5 beta 6 This NSP fixes a very severe web exploit in the Apex browser: CVE-2025-6554 https://t.co/ggPP1ZpLkl
@Neon_corp
1 Jul 2025
136 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
[NA][427663123][itw] High CVE-2025-6554: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2025-06-25. This issue was mitigated on 2025-06-26 by a configuration change pushed out to Stable channel across all platforms. https://t.co/Wdr7ozg4F
@BugsAggregator
1 Jul 2025
832 Impressions
1 Retweet
6 Likes
3 Bookmarks
1 Reply
0 Quotes
The fix for Google Chrome V8 In-The-Wild Type Confusion vulnerability in interpreter bytecode generator (CVE-2025-6554 [427663123]): https://t.co/aaGjKIhv74 Further hardening: https://t.co/VWuiRND1yB
@hosselot
1 Jul 2025
3253 Impressions
11 Retweets
43 Likes
20 Bookmarks
2 Replies
0 Quotes
CVE-2025-6554 Type Confusion Vulnerability in Google Chrome V8 Enables Arbitrary Memory Access https://t.co/x2iw524rcl
@VulmonFeeds
1 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6554 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security sever… https://t.co/AQLWUx0Qoc
@CVEnew
30 Jun 2025
395 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes