CVE-2025-6554
Published Jun 30, 2025
Last updated 14 days ago
AI description
CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.
- Description
- Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Google Chromium V8 Type Confusion Vulnerability
- Exploit added on
- Jul 2, 2025
- Exploit action due
- Jul 23, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- chrome-cve-admin@google.com
- CWE-843
- Hype score
- Not currently trending
CVE-2025-6554 marks the fifth actively exploited #Chrome Zero-Day patched by Google in 2025 https://t.co/iu1nF0Wm9p #securityaffairs #hacking
@securityaffairs
16 Jul 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ChromeやEdgeなどのJavaScriptエンジン「V8」に重大なゼロデイ(CVE-2025-6554) 既に悪用されているとCISAが認定。即時のアップデート推奨。 https://t.co/ohPlh29Jri
@shampoo_101_
14 Jul 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
nu11secur1ty: CVE-2025-6554 - Chromium 138.0.7204.96 Build & Exp... https://t.co/w4q0OrNqdQ
@nu11secur1ty1
14 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google ChromeとMicrosoft Edgeが攻撃を受けている。最新のゼロデイ脆弱性(CVE-2025-6554)はグーグル自身の脅威分析グループ(TAG。Threat Analysis Group)によって発見され、「全ユーザ... #GoogleChrome #MicrosoftEdge https://t.co/
@_8AS1_
14 Jul 2025
63 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【セキュリティニュース】 Microsoft Edgeが5件の脆弱性を修正|CVE-2025-6554はすでに攻撃確認 https://t.co/7CQP77hhGd cybernote
@BADBEAR112919
13 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
13 Jul 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
12 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
11 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Wait a moment — There's a Critical Vulnerability (CVE-2025-6554) You Need to Know A zero-day vulnerability in Chrome’s V8 engine (CVE-2025-6554) has been actively exploited in the wild. This type confusion flaw allows remote attackers to execute arbitrary read/write h
@RoxyBrowser
11 Jul 2025
32 Impressions
0 Retweets
1 Like
1 Bookmark
1 Reply
0 Quotes
Google ChromeとMicrosoft Edgeが攻撃を受けている。最新のゼロデイ脆弱性(CVE-2025-6554)はグーグル自…… → このリストにあるChrome・Edgeの拡張機能をすぐに削除せよ https://t.co/n4JipzMsiH
@forbesjapan
11 Jul 2025
18965 Impressions
5 Retweets
14 Likes
19 Bookmarks
0 Replies
2 Quotes
I just APT proofed Brave on a ryzen 8700g with pkey v8. CVE-2025-6554 variants in working chain now fail
@AbcXyz03921267
10 Jul 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Just noticed my Brave seems to not automatically (nor notify) about the chromium CVE-2025-6554 security update -at least for me 🤷♂️-, beware and update manually (brave://settings/help)!
@m411k_
10 Jul 2025
159 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
9 Jul 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Immediate Action Required: Google Chrome Zero-Day Flaw Under Active Exploitation (CVE-2025-6554) https://t.co/yK9aIvqIeD
@KevinLo49983937
8 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Actualización de seguridad de Grafana ❗CVE-2025-5959 ❗CVE-2025-6554 ❗CVE-2025-6191 ❗CVE-2025-6192 ➡️Más info: https://t.co/2S1ixNursX https://t.co/OSZYPAZotS
@CERTpy
8 Jul 2025
118 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#CybersecurityNEWS🔴👨💻👾 Vulnerabilidad Zero-Day en Google Chrome registrada como CVE-2025-6554, afecta al motor de JavaScript y WebAssembly (V8) Ver más: https://t.co/Lpfsabwjta #ciberseguridad #DevelNews https://t.co/CJV7UNIkbA
@develsecurity
8 Jul 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana Patches Chromium Bugs including a Zero-Day Exploited Grafana has released security updates to fix four high-severity vulnerabilities in the Chromium library used by its Image Renderer plugin and Synthetic Monitoring Agent. The most critical, CVE-2025-6554, is a type of h
@dCypherIO
8 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana has released patches for four high-severity Chromium vulnerabilities, including CVE-2025-6554, a type confusion flaw exploited in the wild. Addresses remote code execution & memory issues in Image Renderer & Monitoring Agent. 🚨 #Cyber #Vulnerabi… https://t.co
@TweetThreatNews
7 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Edgeに深刻な2件の脆弱性(CVE-2025-6554,CVE-2025-49713) #セキュリティ対策Lab #セキュリティ #Security https://t.co/1NCCAPW9Ia
@securityLab_jp
6 Jul 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Google releases emergency Chrome update to fix zero-day vulnerability CVE-2025-6554. Restart your browser now. #CyberSecurity #ZeroDay https://t.co/QH25w3OWj0 https://t.co/AWIDrdQm7E
@CyberHub_blog
6 Jul 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6554 (0day in V8) My version PoC https://t.co/JDGAjKPXOE
@windz3r0day
6 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
6 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨URGENT: Chrome Zero-Day, CVE-2025-6554, Actively Exploited A critical type confusion vulnerability was discovered in Chrome’s V8 JavaScript engine (versions prior to 138.0.7204.96). This flaw allows arbitrary memory read/write via specially crafted HTML, potentially leadi
@datareaper3319
6 Jul 2025
124 Impressions
1 Retweet
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 July 4th Cyber Alert:🚨 In the last 48 hrs: 🛫 Qantas breach exposed 6M users via phone scam 🌐 Chrome zero-day patched (CVE-2025-6554) 🔐 Use MFA, update your browser, and don’t trust unknown calls. 📰 https://t.co/1nyCijJG8T #CyberSafety #SafeCyberSurfer
@safecybersurfer
6 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
6 Jul 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
גוגל משחררת עדכון לכרום הסוגר חולשה המנוצלת בפועל ע"י תוקפים בעולם (CVE-2025-6554) הגרסאות התקינות הן: - 138.0.7204.96/.97 for Windows - 138.0.7204.92/.93 for Mac - 138.0.7204.92 for Linux תודה לנתי
@CyberIL
5 Jul 2025
223 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-6554 parchada en V8 de Chrome: si aún no has reiniciado, tú mismo abres la puerta al exploit. 😏 ¿Vas a esperar a ser el próximo bombardeado? #ZeroDay #ChromeUpdate https://t.co/3LuPph6dCv
@gorkaelbochi
5 Jul 2025
7 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update Jul 01, 2025 https://t.co/m6elz1ac53
@tdatwja
5 Jul 2025
194 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
5 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
【セキュリティニュース】 Microsoft Edgeが5件の脆弱性を修正|CVE-2025-6554はすでに攻撃確認 https://t.co/7CQP77gJQF cybernote
@BADBEAR112919
5 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome Zero-Day CVE-2025-6554 is currently being exploited. Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page I advise anyone running Chrome to update ASAP. https://t.co/a9yUOlmZs0
@Neoviser
5 Jul 2025
70 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Chromeに深刻な脆弱性「CVE-2025-6554」 急ぎアップデートを:セキュリティニュースアラート - ITmedia エンタープライズ https://t.co/ivXQU4TaOb
@Luke06121
5 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
5 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 ¡Alerta de seguridad crítica! Se ha reportado la vulnerabilidad CVE-2025-6554 con severidad CRÍTICA (9.1) y otra variante con bajo riesgo (2.3). 🔍 Evalúa tu exposición y actualiza sistemas. Compunet te ayuda a anticiparte. #Ciberseguridad #Vulnerabilidades #Compunet
@CompunetChile
4 Jul 2025
31 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【セキュリティニュース】 Microsoft Edgeが5件の脆弱性を修正|CVE-2025-6554はすでに攻撃確認 https://t.co/7CQP77hhGd cybernote
@BADBEAR112919
4 Jul 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-6554
@transilienceai
4 Jul 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📢Google ออกแพตช์แก้ไขช่องโหว่ CVE-2025-6554 บน Chrome #NCSA #CybersecurityNew สามารถติดตามข่าวสารได้ที่ https://t.co/HCsLrrYz4c https://t.co/vBWg6tFgbd
@ThaiCERTByNCSA
4 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana security update: Critical severity security release for CVE-2025-5959, CVE-2025-6554, CVE-2025-6191 and CVE-2025-6192 in Grafana Image Renderer plugin and Synthetic Monitoring Agent https://t.co/uPsVTHqxWX #patchmanagement
@eyalestrin
4 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The Cyber Intel Brief is live! 🚨 This week, suspected nation-state threat actors wasted no time exploiting a Chrome zero-day (CVE-2025-6554). Iranian cyber operations are escalating, AI-enhanced malware evasion techniques emerge and Scattered Spider is hitting aviation.
@Authentic8
3 Jul 2025
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top news this week: 🗞️ Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update 🗞️ Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover 🗞️ Over 260K exposed in St. Louis healthcare hack https://t.co/Q0fWNcWH
@Blue_INK_Sec
3 Jul 2025
47 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Don’t use chrome… but if you do make sure to update it. Confirmed cases of nation-states using CVE-2025-6554 have surfaced
@chrisfrazier0
3 Jul 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Срочно обновите Chrome: обнаружена критическая уязвимость! 🛡 Google выпустила важное обновление Chrome версии 138.0.7204.49 — там закрыли сразу 11 уязвимостей, вкл
@_netliner_
3 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Edgeが5件の脆弱性を修正|CVE-2025-6554はすでに攻撃確認 #cybernote #ブログ仲間と繋がりたい #Webライター https://t.co/FDjTvl3XxD
@CyberNote_media
3 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Important security update: @opera , @operagxofficial, Opera Air, and Opera for Android have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-6554. Update now to the latest versions: Opera One (120.0.5543.38) Opera GX (119.0.5497.163) Opera ht
@Opera_Security
3 Jul 2025
108 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Alerta crítica en Chrome y navegadores Chromium! 🛡️ Actualiza ahora para evitar ataques con la vulnerabilidad CVE-2025-6554. #Ciberseguridad #Chrome #Actualización #OKSAP #oksapelias #IA https://t.co/TUgzJJPZNd
@oksap_spain
3 Jul 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available https://t.co/ZVAJ5WsooV
@samilaiho
3 Jul 2025
996 Impressions
3 Retweets
6 Likes
3 Bookmarks
0 Replies
0 Quotes
An exploit for CVE-2025-6554 exists in the wild #Chrome https://t.co/MuFV0BkpiK
@blackorbird
3 Jul 2025
1957 Impressions
1 Retweet
9 Likes
2 Bookmarks
1 Reply
0 Quotes
حتما گوگل کرومتون رو آپدیت کنید! یه باگ خطرناک (CVE-2025-6554) توی کروم پیدا شده که باعث میشه هکر فقط با باز کردن یه سایت آلوده بتونه هر کدی دلش خواست روی سیستمتون
@awmiriiw
3 Jul 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
2025-07-02 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― CVE-2025-6554 POC.js · GitHub https://t.co/UlzJOc55Yw https://t.co/Nz3F9lmDtJ
@motikan2010
3 Jul 2025
267 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-6554 #Google Chromium V8 Type Confusion Vulnerability https://t.co/t0c8SOyDoO
@ScyScan
2 Jul 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A92F452-E80D-4C80-BE35-7CEC05DC959A",
"versionEndExcluding": "138.0.7204.96"
}
],
"operator": "OR"
}
]
}
]