PT-2025-27478 · Google +3 · V8 JavaScript Engine +4

Clément Lecigne · Published 2025-06-30 · Updated 2025-09-26 · CVE-2025-6554

CVSS v2.0: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions**

Google Chrome versions prior to 138.0.7204.96

**Description**

A type confusion vulnerability exists in the V8 JavaScript engine in Google Chrome versions prior to 138.0.7204.96. The flaw allows a remote attacker to perform arbitrary read/write operations via a crafted HTML page, which can be used to execute arbitrary code, potentially leading to remote code execution (RCE). The vulnerability is actively exploited in the wild and has been observed being used to target high-risk individuals with spyware. Exploitation has been observed through phishing sites targeting cryptocurrency wallet data.

**Recommendations**

Update Google Chrome to version 138.0.7204.96 or later.

Exploit · Fix · DoS · RCE · Type Confusion

**Related Identifiers**

BDU:2025-07783
CVE-2025-6554
DSA-5955-1

**Affected Products**

Astra Linux
Debian
Google Chrome
RED OS
V8 JavaScript Engine