Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code

Google has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers.

The flaw, tracked as CVE-2025-6554, is a type confusion vulnerability in Chrome’s V8 JavaScript engine, which underpins the browser’s ability to process web content across Windows, macOS, and Linux platforms.

The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG) on June 25, 2025. According to Google, attackers have already developed and deployed exploits targeting this flaw in the wild, prompting the company to act quickly. 

Field: Details
CVE Identifier: CVE-2025-6554
Vulnerability Type: Type Confusion
Affected Component: V8 JavaScript Engine (Chrome Browser)
Severity Level: High

The bug allows a remote attacker to perform arbitrary read and write operations in the browser’s memory by luring users to maliciously crafted web pages. Successful exploitation could enable attackers to execute arbitrary code, potentially leading to full system compromise.

“Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company stated in its security advisory.

Zero-day vulnerabilities in browsers are highly prized by both state-sponsored actors and cybercriminals, as they can be used for espionage, data theft, and the delivery of malware.

Type confusion flaws in V8 have previously been linked to drive-by download attacks, sandbox escapes, and the installation of malicious payloads via seemingly benign websites.

To mitigate the threat, Google released security patches under Chrome versions 138.0.7204.96 and 138.0.7204.97 for Windows, 138.0.7204.92 and 138.0.7204.93 for Mac, and 138.0.7204.96 for Linux.

The update is being rolled out to users over the coming days and weeks.

Google has restricted access to detailed technical information about the bug until the majority of users have applied the fix, a standard practice aimed at preventing further exploitation.

The company urges all Chrome users to update their browsers immediately to the latest version.

Users can check for updates by navigating to the Chrome menu, selecting “Help,” and then “About Google Chrome.” The browser will automatically check for and install available updates.
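For administrators who need to confirm the fix across a fleet rather than one browser at a time, the check above can be automated by comparing each installed Chrome version against the lowest patched build Google lists for that platform. The following script is an added example written for this article; it is not Google's code or part of the advisory. The patched version numbers are the ones quoted above; the inventory data is constructed for illustration, and the script assumes that any build newer than the listed patched build also carries the fix for CVE-2025-6554.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# Lowest patched Chrome build per platform, taken from the advisory text.
# Assumption (not stated by Google): every later build also includes the fix.
MIN_PATCHED = {
    "windows": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Extract a four-part Chrome version from a string such as
    'Google Chrome 138.0.7204.96' (the output of `google-chrome --version`)
    or a bare '138.0.7204.50'. Returns None when no version is present."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())  # type: ignore[return-value]


def normalize_platform(platform: str) -> str:
    """Map common platform names onto the keys used in MIN_PATCHED."""
    key = platform.strip().lower()
    if key in ("darwin", "macos", "osx"):
        return "mac"
    if key.startswith("win"):
        return "windows"
    return key


def is_patched(platform: str, version_text: str) -> bool:
    """True when the installed version is at or above the patched build
    for that platform. Raises ValueError on an unknown platform or an
    unparseable version string, so silent false negatives cannot occur."""
    key = normalize_platform(platform)
    if key not in MIN_PATCHED:
        raise ValueError(f"unknown platform: {platform!r}")
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    # Tuple comparison orders major, minor, build, patch in turn.
    return version >= MIN_PATCHED[key]


def audit(inventory):
    """Classify each (host, platform, version string) record as
    'patched', 'vulnerable', or 'unknown' (unparseable or unsupported)."""
    results = []
    for host, platform, version_text in inventory:
        try:
            status = "patched" if is_patched(platform, version_text) else "vulnerable"
        except ValueError:
            status = "unknown"
        results.append((host, status))
    return results


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = [
    ("ws-01", "linux", "Google Chrome 138.0.7204.96"),
    ("ws-02", "windows", "138.0.7204.50"),
    ("ws-03", "darwin", "Google Chrome 138.0.7204.92"),
    ("ws-04", "mac", "137.0.7151.119"),
    ("ws-05", "linux", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

On Linux the version string can be fed in from `google-chrome --version`; on other platforms it is read from the About page described above or from whatever endpoint inventory the organization already keeps. Records that cannot be parsed are reported as unknown rather than assumed safe, which is the conservative choice when the goal is to find unpatched browsers.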

This incident serves as another reminder that popular web browsers remain persistent targets for sophisticated threat actors.

Google’s TAG team, which specializes in tracking nation-state and advanced persistent threat (APT) groups, continues to monitor for signs of exploitation and urges users to remain vigilant.
