July 2, 2025, 9:56 am | Read time: 2 minutes
Google has closed a dangerous security vulnerability in the Chrome browser that attackers had already exploited. Initially, the flaw was mitigated with a quick interim solution, followed shortly by a complete update for all supported devices.
Following reports of targeted attacks, a serious security flaw in Google’s Chrome browser was revealed in the middle of last week. Before releasing detailed technical information, Google responded with an initial protective measure. A few days later, a comprehensive Google Chrome update was rolled out for all supported devices. The vulnerability was so severe that merely visiting a manipulated website was enough to compromise a system—without any further action from users. This is already the fourth such incident this year.
Technical Details on the Google Chrome Security Flaw
The vulnerability—discovered by Google’s security group TAG—is a so-called “Type Confusion” error within the JavaScript and WebAssembly engine V8, as Google announced on its blog. In this case, the browser incorrectly interprets data as a different type, allowing access to memory areas outside the intended range.
Attackers can exploit this to execute code or read sensitive data. The error has been registered under the identifier CVE-2025-6554, but a CVSS system rating is not yet available.
Available Security Updates
Google has already released new versions of the Chrome browser to close the gap. The secured versions are: 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, 138.0.7204.96 for Linux, 138.0.7204.63 for Android, and 138.0.7204.119 for iOS. The Extended Stable versions for macOS and Windows have also been updated accordingly. Users of other Chromium-based browsers, such as Microsoft Edge or Opera, should also expect updates soon.
Read also: Chrome Disables Extensions—What Users Can Do
Urgent Update Recommendation
Since the flaw is being actively exploited, Google advises a prompt Chrome update. The update can be checked and manually initiated via the “About Google Chrome” function in the menu under “Help.”
For companies with centrally managed systems, automated distribution and control of browser versions is recommended. Google notes that details of the vulnerability are being withheld for now to avoid further risk to other projects using the same code.

Google Closes Android Security Vulnerability Exploited by Hackers

iOS 18.3.2 Is Here — Should I Install the Update Straight Away?

Critical Chip Security Flaws Threaten Numerous Smartphones
Increase in Active Attacks on Browser Vulnerabilities
With CVE-2025-6554, Google has already disclosed the fourth zero-day security flaw in Chrome this year that fraudsters have actively exploited. In previous months, the company had already released similar emergency updates, including for vulnerabilities specifically used for espionage attacks on government institutions and journalists.
In 2024 alone, Google closed ten zero-day vulnerabilities. This trend highlights how attractive browser vulnerabilities remain for targeted attacks and underscores the importance of regular security updates.