Detections
Analytics

CVE-2025-6554

high

Description

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

References

https://www.securityweek.com/high-severity-flaws-patched-in-chrome-firefox/

https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome/

https://thehackernews.com/2025/07/urgent-google-releases-critical-chrome.html

https://securityaffairs.com/180001/hacking/cve-2025-6554-marks-the-fifth-actively-exploited-chrome-zero-day-patched-by-google-in-2025.html

https://www.helpnetsecurity.com/2025/07/09/microsoft-fixes-critical-wormable-windows-flaw-cve-2025-47981/

https://securityaffairs.com/179682/hacking/u-s-cisa-adds-google-chromium-v8-flaw-to-its-known-exploited-vulnerabilities-catalog.html

https://www.cisa.gov/news-events/alerts/2025/07/02/cisa-adds-one-known-exploited-vulnerability-catalog

https://securityaffairs.com/179549/hacking/cve-2025-6554-is-the-fourth-chrome-zero-day-patched-by-google-in-2025.html

https://www.securityweek.com/chrome-138-update-patches-zero-day-vulnerability/

https://www.infosecurity-magazine.com/news/google-patch-chrome-zero-day/

https://www.helpnetsecurity.com/2025/07/01/google-patches-actively-exploited-chrome-cve-2025-6554/

https://www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html

https://www.theregister.com/2025/09/18/google_emergency_patch_chrome_0_day/

https://www.helpnetsecurity.com/2025/09/18/chrome-zero-day-vulnerability-cve-2025-10585/

https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html

https://securityaffairs.com/182322/uncategorized/cve-2025-10585-is-the-sixth-actively-exploited-chrome-zero-day-patched-by-google-in-2025.html

https://www.securityweek.com/grafana-patches-chromium-bugs-including-zero-day-exploited-in-the-wild/

https://www.bleepingcomputer.com/news/security/grafana-releases-critical-security-update-for-image-renderer-plugin/

https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html

https://issues.chromium.org/issues/427663123

Details

Source: Mitre, NVD

Published: 2025-06-30

Updated: 2025-07-16

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00024