Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
https://thehackernews.com/2025/07/urgent-google-releases-critical-chrome.html
https://www.securityweek.com/chrome-138-update-patches-zero-day-vulnerability/
https://www.infosecurity-magazine.com/news/google-patch-chrome-zero-day/
https://www.helpnetsecurity.com/2025/07/01/google-patches-actively-exploited-chrome-cve-2025-6554/
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html