CVE-2025-6554 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-06-30

Added to CISA KEV: 2025-07-02 2 DAYS BETWEEN CVE AND KEV

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
Update Google Chrome to version 138.0.7204.96 or later immediately
Monitor for suspicious browser behavior and unexpected network connections
Low priority for T1190 defenses but high priority for endpoint protection and user awareness

CVE-2025-6554 Impact, Exploitability, and Mitigation Steps | Wiz
A high-severity zero-day vulnerability identified as CVE-2025-6554 was discovered in Google Chrome's V8 JavaScript and WebAssembly engine.
Chrome V8 Zero-Day: CVE-2025-6554 Actively Exploited
CVE-2025-6554 is a critical V8 Zero-Day vulnerability actively exploited in Chrome v138 and earlier, allowing remote code execution via ...
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
CISA has added CVE-2025-6554 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-6554 - Red Hat Customer Portal
This allows an attacker to potentially manipulate memory contents. The exploitation vector involves the processing of malicious HTML content.
CVE-2025-6554 details - NVD
Description. Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

🟢 CVE-2025-6554