**Name of the Vulnerable Software and Affected Versions:**

Google Chrome versions prior to 138.0.7204.96

**Description:**

A type confusion vulnerability exists in the V8 JavaScript engine in Google Chrome, prior to version 138.0.7204.96. This flaw allows a remote attacker to perform arbitrary read/write operations via a crafted HTML page, potentially leading to remote code execution (RCE). The vulnerability is actively exploited in the wild, and a proof-of-concept (PoC) exploit is publicly available. This vulnerability has been designated CVE-2025-6554 and is actively being exploited by threat actors, including nation-state actors. The vulnerability is also present in Chromium-based browsers such as Microsoft Edge and Opera.

**Recommendations:**

Update Google Chrome to version 138.0.7204.96 or later.

Update Chromium-based browsers to the latest available version.