Actively Exploited

Major Security Flaw in Google Chrome: Update Urgently Needed

Scammers have exploited a security flaw in Google Chrome. An update is expected to provide a solution. Photo: SOPA Images/LightRocket via Getty Images

July 2, 2025, 9:56 am | Read time: 2 minutes

Google has closed a dangerous security vulnerability in the Chrome browser that attackers had already exploited. Initially, the flaw was mitigated with a quick interim solution, followed shortly by a complete update for all supported devices.


Following reports of targeted attacks, a serious security flaw in Google’s Chrome browser was revealed in the middle of last week. Before releasing detailed technical information, Google responded with an initial protective measure. A few days later, a comprehensive Google Chrome update was rolled out for all supported devices. The vulnerability was so severe that merely visiting a manipulated website was enough to compromise a system—without any further action from users. This is already the fourth such incident this year.

Technical Details on the Google Chrome Security Flaw

The vulnerability—discovered by Google’s security group TAG—is a so-called “Type Confusion” error within the JavaScript and WebAssembly engine V8, as Google announced on its blog. In this case, the browser incorrectly interprets data as a different type, allowing access to memory areas outside the intended range.

Attackers can exploit this to execute code or read sensitive data. The flaw is tracked as CVE-2025-6554, but a CVSS rating is not yet available.

Available Security Updates

Google has already released new versions of the Chrome browser to close the gap. The secured versions are: 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, 138.0.7204.96 for Linux, 138.0.7204.63 for Android, and 138.0.7204.119 for iOS. The Extended Stable versions for macOS and Windows have also been updated accordingly. Users of other Chromium-based browsers, such as Microsoft Edge or Opera, should also expect updates soon.


Urgent Update Recommendation

Since the flaw is being actively exploited, Google advises a prompt Chrome update. The update can be checked and manually initiated via the “About Google Chrome” function in the menu under “Help.”

For companies with centrally managed systems, automated distribution and control of browser versions is recommended. Google notes that details of the vulnerability are being withheld for now to avoid further risk to other projects using the same code.
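For the centrally managed case, a version check over an inventory export could look like the following. This is an added example, not code from Google or TECHBOOK: the inventory row format, hostnames and sample versions are constructed, the version floors are the fixed builds listed in this article, and any build numerically at or above a floor is assumed to contain the fix.

```python
import re

# Fixed Chrome builds for CVE-2025-6554 as listed in the article (lowest build per platform).
FIXED = {
    "windows": (138, 0, 7204, 96),
    "macos":   (138, 0, 7204, 92),
    "linux":   (138, 0, 7204, 96),
    "android": (138, 0, 7204, 63),
    "ios":     (138, 0, 7204, 119),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a full Chrome version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(browser, platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    if browser.lower() != "chrome":
        return "unknown"  # Edge, Opera etc. use their own version numbers
    floor = FIXED.get(platform.lower())
    parsed = parse_version(version)
    if floor is None or parsed is None:
        return "unknown"  # unlisted platform or truncated version: needs manual review
    # Assumption: any build numerically >= the listed fixed build contains the fix.
    return "patched" if parsed >= floor else "vulnerable"

def audit(rows):
    """Group hostnames by status so vulnerable and unknown hosts can be followed up."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, browser, platform, version in rows:
        report[classify(browser, platform, version)].append(host)
    return report

SAMPLE = [  # constructed inventory: hostnames and versions are made up
    ("ws-001", "Chrome", "windows", "138.0.7204.97"),
    ("ws-002", "Chrome", "windows", "138.0.7204.50"),
    ("mac-01", "Chrome", "macos",   "138.0.7204.92"),
    ("lin-01", "Chrome", "linux",   "137.0.7151.120"),
    ("ph-01",  "Chrome", "ios",     "138.0.7204.100"),
    ("ws-003", "Edge",   "windows", "138.0.3351.55"),
    ("ws-004", "Chrome", "windows", "138.0.7204"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts)}")
```

Hosts reported as unknown are not cleared: other Chromium-based browsers and Extended Stable builds need their own fixed versions, which this article does not list.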


Increase in Active Attacks on Browser Vulnerabilities

With CVE-2025-6554, Google has already disclosed the fourth zero-day security flaw in Chrome this year that fraudsters have actively exploited. In previous months, the company had already released similar emergency updates, including for vulnerabilities specifically used for espionage attacks on government institutions and journalists.

In 2024 alone, Google closed ten zero-day vulnerabilities. This trend highlights how attractive browser vulnerabilities remain for targeted attacks and underscores the importance of regular security updates.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.
