cbcvebase.
CVE-2025-6554
published 2025-06-30

CVE-2025-6554: Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium…

PriorityP183high8.1CVSS 3.1
AVNACLPRNUIRSUCHIHAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2025-07-23
Exploited in the wild
EPSS
6.56%
93.0th percentile
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Affected

10 ranges
VendorProductVersion rangeFixed in
chromiumchromium>= 0 < 138.0.7204.92-1~deb12u1138.0.7204.92-1~deb12u1
chromiumchromium>= 0 < 138.0.7204.92-1138.0.7204.92-1
chromiumchromium>= 0 < 138.0.7204.92-1138.0.7204.92-1
debianchromium< chromium 138.0.7204.92-1~deb12u1 (bookworm)chromium 138.0.7204.92-1~deb12u1 (bookworm)
googlechrome< 138.0.7204.96138.0.7204.96
googlechrome< 138.0.7204.92138.0.7204.92
googlechrome>= 138.0.7204.96 < 138.0.7204.96138.0.7204.96
googlechrome_chrome
msrcmicrosoft_edge
paloaltoprisma_browser

Detection & IOCsextracted from sources · hover to see the quote

versionGoogle Chrome < 138.0.7204.96
  • CVE-2025-6554 is confirmed exploited in the wild — Google/Microsoft have acknowledged an exploit exists in the wild for this V8 type confusion vulnerability.
  • Attack vector is a crafted HTML page delivered remotely; monitor for suspicious Chromium/Chrome/Edge renderer process activity triggered by HTML content, especially in headless browser deployments (e.g., Grafana Image Renderer plugin).
  • Grafana Image Renderer versions prior to 3.12.9 and Grafana Synthetic Monitoring Agent versions before 0.38.3-browser embed a vulnerable headless Chromium instance and are exploitable via this CVE.
  • Siemens Industrial Edge App Publisher versions prior to 1.23.5 are affected; monitor for exploitation attempts against this product via crafted HTML pages.
  • ·Debian bookworm fix is in chromium package version 138.0.7204.92-1~deb12u1; bullseye remains open/unpatched.
  • ·Siemens HyperLynx has no fix available as of the advisory date; exploitation additionally requires an attacker to modify local files and have application access.
  • ·Red Hat does not ship Chromium in any supported offerings; no Red Hat fix or mitigation meeting their criteria is available.

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
osv8.1HIGH
vulncheck8.1HIGH
cisa8.1HIGH
vendor_debian8.1HIGH
vendor_msrc8.1HIGH
vendor_redhat8.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.