Kyle Kucharski/ZDNET
Google has patched yet another critical security bug in Chrome, which means all of you who use the browser should update it ASAP. On Monday, the company revealed a high-severity vulnerability that could allow a remote attacker to run malicious code on your system.
In its release notes for the latest version of Chrome, Google pointed to the security flaw tagged as CVE-2025-6554. The NIST page on this one describes it as: “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.”
Also: This Google Chrome update could change the fundamentals of browsing – here’s who gets to try it first
V8 is an open-source JavaScript and WebAssembly engine that Google uses in Chrome. Here, a programming problem in the code could give a remote attacker the means to create a malicious web page designed to steal data, install malware, or take over your system. The vulnerability has already been exploited in the wild, which means the bad guys are onto it and have used it to target unsuspecting Chrome users.
This particular bug was discovered by Clément Lecigne of Google’s Threat Analysis Group on June 25. To assist with its bug-hunting efforts, Google’s researchers typically turn to such tools as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.
Thankfully, Google has rolled out a fix for this flaw with the latest versions of the browser, specifically version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for the Mac, and 138.0.7204.92 for Linux.
How to update Chrome
To update Chrome, open the browser, click the three-dot icon at the top, move to Help, and select About Chrome. The program will automatically download and install the latest update. Relaunch Chrome, and you’ll be fully protected, at least until the next critical vulnerability rolls around.
Chrome does have a history of being hit by security flaws, many of them critical. Google tends to respond fairly quickly with the necessary patches. But with so many vulnerabilities and so many patches, updating the browser seems like a never-ending job. Still, any flaw that’s already been exploited in the wild should be taken seriously. That’s why you’ll want to update Chrome now if you haven’t already done so.
Get the morning’s top stories in your inbox each day with our Tech Today newsletter.
