CVE-2025-6554

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 138.0.7204.96 Microsoft Edge (Chromium-based) versions prior to 138.0.7204.96 Opera versions prior to 138.0.7204.96 Chromium versions prior to 138.0.7204.96

Description Google Chrome’s V8 JavaScript engine contains a type confusion vulnerability (CVE-2025-6554). This flaw allows a remote attacker to perform arbitrary read/write operations via a crafted HTML page. Exploitation of this vulnerability is actively observed in the wild, with reports indicating its use in phishing attacks targeting cryptocurrency wallets and potential for remote code execution (RCE). The vulnerability is a type confusion issue in the V8 engine, potentially leading to sandbox escapes. Attackers can leverage this flaw to leak memory information and achieve arbitrary read/write capabilities within the V8 sandbox. The vulnerability affects not only Chrome but also Chromium-based browsers like Microsoft Edge and Opera.

Recommendations Update Google Chrome to version 138.0.7204.96 or later. Update Microsoft Edge to version 138.0.7204.96 or later. Update Opera to version 138.0.7204.96 or later. Update Chromium to version 138.0.7204.96 or later.