Back to KEVs

CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page....

Basic Information

CVE State
PUBLISHED
Reserved Date
June 23, 2025
Published Date
June 30, 2025
Last Updated
July 17, 2025
Vendor
Google
Product
Chrome
Description
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Tags
cisa

CVSS Scores

CVSS v3.1

8.1 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score

Score
1.41% (Percentile: 79.65%) as of 2025-07-17

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-07-01 07:30:34 UTC) Source

References

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html https://issues.chromium.org/issues/427663123

Known Exploited Vulnerability Information

Source Added Date
CyberInsider 2025-07-01 07:30:28 UTC

Recent Mentions

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Source: TheHackerNews • Published: 2025-07-01 08:55:00 UTC

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary

Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation

Source: TheHackerNews • Published: 2025-07-01 08:55:00 UTC

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary

Google Patches Actively Exploited V8 Vulnerability in Chrome

Source: CyberInsider • Published: 2025-07-01 07:26:48 UTC

Google has shipped a security update for Chrome addressing a high-severity vulnerability in the V8 JavaScript engine that is already being exploited in the wild. Tracked as CVE-2025-6554, the flaw is categorized as a type confusion issue in V8 and was reported on June 25, 2025, by Clément Lecigne of Google’s Threat Analysis Group (TAG). … The post Google Patches Actively Exploited V8 Vulnerability in Chrome appeared first on CyberInsider.

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel