CVE-2025-6554
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page....
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 23, 2025
- Published Date
- June 30, 2025
- Last Updated
- July 30, 2025
- Vendor
- Product
- Chrome
- Description
- Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
- Tags
- Score
- 0.20% (Percentile: 42.00%) as of 2025-07-29
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2025-07-01 07:30:34 UTC) Source
cisa
CVSS Scores
CVSS v3.1
8.1 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CyberInsider | 2025-07-01 07:30:28 UTC |
Recent Mentions
Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update
Source: TheHackerNews • Published: 2025-07-01 08:55:00 UTC
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.
The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.
"Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary
Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation
Source: TheHackerNews • Published: 2025-07-01 08:55:00 UTC
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.
The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.
"Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary
Google Patches Actively Exploited V8 Vulnerability in Chrome
Source: CyberInsider • Published: 2025-07-01 07:26:48 UTC
Google has shipped a security update for Chrome addressing a high-severity vulnerability in the V8 JavaScript engine that is already being exploited in the wild. Tracked as CVE-2025-6554, the flaw is categorized as a type confusion issue in V8 and was reported on June 25, 2025, by Clément Lecigne of Google’s Threat Analysis Group (TAG). …
The post Google Patches Actively Exploited V8 Vulnerability in Chrome appeared first on CyberInsider.
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel