A critical zero-day vulnerability has been identified in Google Chrome, actively exploited by hackers. Known as CVE-2025-6554, the flaw is a type confusion error in the V8 Javascript engine, potentially allowing remote attackers to execute arbitrary code through crafted HTML pages. Users with Chrome versions older than 138.0.7204.96 are at risk. Google was alerted to this issue by an internal team member, prompting a swift update to address the vulnerability. While the latest updates for Windows, Mac, and Linux users mitigate the immediate threat, this type of error has been a recurring issue, contributing to several zero-day vulnerabilities in the past. Users are advised to ensure their browsers are up to date, as other Chromium-based browsers like Microsoft Edge and Opera may also be affected.
Have hackers exploited a new Chrome zero-day vulnerability?
