Emergency security update released for Google Chrome

update released for Google Chrome / Photo File (Bleeping Computer)

Google has released an emergency security update for its widely used web browser, Google Chrome, after discovering a critical zero-day vulnerability that could potentially affect over 3.5 billion users worldwide. The flaw, identified as CVE-2025-6554, is already being actively exploited by hackers, prompting Google to issue an immediate patch.

According to cybersecurity experts, the vulnerability stems from a “type confusion bug” in Chrome’s V8 JavaScript and WebAssembly engine. Exploiting this flaw, hackers can execute malicious code on a user’s system simply by getting them to open a specially crafted HTML page.

Google confirmed that this is the sixth zero-day exploit discovered in Chrome in 2025, following previously reported vulnerabilities such as CVE-2025-4664 and CVE-2025-5419.

User Advisory:

Google has advised all users to immediately update their browsers by navigating to
Settings → About Chrome, ensuring that their Chrome version is 138.0.7204.96 or newer. After updating, users must restart the browser for the security patch to take effect.

Organizations and businesses have also been urged to apply updates across all systems without delay and closely monitor for any unusual browser or network activity. Until the update is installed, experts recommend avoiding untrusted websites.

Wider Threat Landscape:

Cybersecurity analysts warn that web browsers have become a prime target for cyberattacks. In 2024 and 2025 alone, more than 30 zero-day vulnerabilities were discovered in Chrome and other major browsers. Such exploits could potentially lead to cryptocurrency theft, ransomware infections, and supply chain attacks.