Updates have been issued by Google to resolve an actively exploited zero-day vulnerability impacting its Chrome browser, tracked as CVE-2025-6554, which is the fourth Chrome zero-day addressed by Google so far this year, The Hacker News reports.
Highly-targeted intrusions involving the type confusion flaw within the V8 JavaScript and WebAssembly Engine may have been deployed by state-sponsored attackers or cyberespionage operations, according to Google Threat Analysis Group researcher Clement Lecigne, who identified and reported the issue on June 25. Despite acknowledging the presence of the exploit, Google has not provided more information regarding the security defect. Windows, macOS, and Linux users, especially those dealing with highly sensitive data, have been urged to upgrade their Chrome browsers to versions 138.0.7204.96/.97, 138.0.7204.92/.93, and 138.0.7204.96, respectively. Such a flaw should also prompt immediate application of patches among users of Microsoft Edge, Opera, Vivaldi, and other Chromium-based browsers.
Highly-targeted intrusions involving the type confusion flaw within the V8 JavaScript and WebAssembly Engine may have been deployed by state-sponsored attackers or cyberespionage operations, according to Google Threat Analysis Group researcher Clement Lecigne, who identified and reported the issue on June 25. Despite acknowledging the presence of the exploit, Google has not provided more information regarding the security defect. Windows, macOS, and Linux users, especially those dealing with highly sensitive data, have been urged to upgrade their Chrome browsers to versions 138.0.7204.96/.97, 138.0.7204.92/.93, and 138.0.7204.96, respectively. Such a flaw should also prompt immediate application of patches among users of Microsoft Edge, Opera, Vivaldi, and other Chromium-based browsers.
