CVE-2025-6554
Published 2025-06-30
CVE-2025-6554: Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium…
Priority P183 high · CVSS 3.1: 8.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2025-07-23
Exploited in the wild
EPSS: 6.56% (93.0th percentile)
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 138.0.7204.92-1~deb12u1 | 138.0.7204.92-1~deb12u1 |
| chromium | chromium | >= 0 < 138.0.7204.92-1 | 138.0.7204.92-1 |
| chromium | chromium | >= 0 < 138.0.7204.92-1 | 138.0.7204.92-1 |
| debian | chromium | < chromium 138.0.7204.92-1~deb12u1 (bookworm) | chromium 138.0.7204.92-1~deb12u1 (bookworm) |
| | chrome | < 138.0.7204.96 | 138.0.7204.96 |
| | chrome | < 138.0.7204.92 | 138.0.7204.92 |
| | chrome | >= 138.0.7204.96 < 138.0.7204.96 | 138.0.7204.96 |
| | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
| paloalto | prisma_browser | — | — |
Detection & IOCs (extracted from sources)
- CVE-2025-6554 is confirmed exploited in the wild: Google/Microsoft have acknowledged an exploit exists in the wild for this V8 type confusion vulnerability.
- Attack vector is a crafted HTML page delivered remotely; monitor for suspicious Chromium/Chrome/Edge renderer process activity triggered by HTML content, especially in headless browser deployments (e.g., Grafana Image Renderer plugin).
- Grafana Image Renderer versions prior to 3.12.9 and Grafana Synthetic Monitoring Agent versions before 0.38.3-browser embed a vulnerable headless Chromium instance and are exploitable via this CVE.
- Siemens Industrial Edge App Publisher versions prior to 1.23.5 are affected; monitor for exploitation attempts against this product via crafted HTML pages.
- Debian bookworm fix is in chromium package version 138.0.7204.92-1~deb12u1; bullseye remains open/unpatched.
- Siemens HyperLynx has no fix available as of the advisory date; exploitation additionally requires an attacker to modify local files and have application access.
- Red Hat does not ship Chromium in any supported offerings; no Red Hat fix or mitigation meeting their criteria is available.
CVSS provenance
- nvd: v3.1, 8.1 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- osv: 8.1 HIGH
- vulncheck: 8.1 HIGH
- cisa: 8.1 HIGH
- vendor_debian: 8.1 HIGH
- vendor_msrc: 8.1 HIGH
- vendor_redhat: 8.1 HIGH
GHSA
GHSA-mj9c-f5v6-7665: Type confusion in V8 in Google Chrome prior to 138
ghsa_unreviewed·2025-07-01
CVE-2025-6554 [HIGH] CWE-843 GHSA-mj9c-f5v6-7665: Type confusion in V8 in Google Chrome prior to 138
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
OSV
CVE-2025-6554: Type confusion in V8 in Google Chrome prior to 138
osv·2025-06-30·CVSS 8.1
CVE-2025-6554 [HIGH] CVE-2025-6554: Type confusion in V8 in Google Chrome prior to 138
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
VulnCheck
Google Chromium V8 Type Confusion Vulnerability
vulncheck·2025·CVSS 8.1
CVE-2025-6554 [HIGH] CWE-843 Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium V8
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://learn.microsoft.com/en-
CISA ICS
Siemens HyperLynx and Industrial Edge App Publisher
cisa_ics·2025-10-16·CVSS 8.1
[HIGH] Siemens HyperLynx and Industrial Edge App Publisher
ICS Advisory
## Siemens HyperLynx and Industrial Edge App Publisher
Release Date: October 16, 2025
Alert Code: ICSA-25-289-10
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: HyperLynx and Industrial Edge App Publisher
- Vulnerability: Access of Resource Using Incompatible Type ('
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-6554
vendor_chrome·2025-07-14·CVSS 8.1
CVE-2025-6554 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2025-6554
Long Term Support Channel Update for ChromeOS
CVE-2025-6554
Palo Alto
PAN-SA-2025-0013 Chromium: Monthly Vulnerability Update (July 2025)
vendor_paloalto·2025-07-09·CVSS 8.8
CVE-2025-5958 [HIGH] PAN-SA-2025-0013 Chromium: Monthly Vulnerability Update (July 2025)
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html
CVE Summary:
- CVE-2025-5958: Use after free in Media
- CVE-2025-5959: Type Confusion in V8
- CVE-2025-6191: Integer overflow in V8
- CVE-2025-6192: Use after free in Metrics
- CVE-2025-6554: Type confusion in V8
- CVE-2025-6555: Use after free in Animation
- CVE-2025-6556: Insufficient policy enforcement in Loader
- CVE-2025-6557: Insufficient data validation in DevTools
CVEs: CVE-2025-5958, CVE-20
Microsoft
Chromium: CVE-2025-6554 Type Confusion in V8
vendor_msrc·2025-07-08·CVSS 8.1
CVE-2025-6554 [HIGH] Chromium: CVE-2025-6554 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2025-6554 exists in the wild.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Cl
CISA
Google Chromium V8 Type Confusion Vulnerability
cisa·2025-07-02·CVSS 8.1
CVE-2025-6554 [HIGH] CWE-843 Google Chromium V8 Type Confusion Vulnerability
Vulnerability: Google Chromium V8 Type Confusion Vulnerability
Affected: Google Chromium V8
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html?m=1 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6554
Remediation Due Date: 2025-07-23
Red Hat
chromium: Chrome V8 Type Confusion Read/Write
vendor_redhat·2025-06-30·CVSS 8.1
CVE-2025-6554 [HIGH] CWE-843 chromium: Chrome V8 Type Confusion Read/Write
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
A flaw was found in chromium. A type confusion vulnerability in the V8 JavaScript engine allows a remote attacker to achieve arbitrary read and write operations via a specially crafted HTML page. This allows an attacker to potentially manipulate memory contents. The exploitation vector involves the processing of malicious HTML content. This can lead to arbitrary code execution.
Statement: Chromium is not shipped in any supported Red Hat offerings.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Ha
Debian
CVE-2025-6554: chromium - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote at...
vendor_debian·2025·CVSS 8.1
CVE-2025-6554 [HIGH] CVE-2025-6554: chromium - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote at...
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 138.0.7204.92-1~deb12u1)
bullseye: open
forky: resolved (fixed in 138.0.7204.92-1)
sid: resolved (fixed in 138.0.7204.92-1)
trixie: resolved (fixed in 138.0.7204.92-1)
No detection rules found.
No public exploits indexed.
Mandiant
Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
# Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
December 3, 2025
##### Google Threat Intelligence Group
### Introduction
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving.
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside
Mandiant
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
## Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Google Threat Intelligence Group
## Introduction
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving.
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside research published by our colleagues from Recorded Future and Amne
Qualys
Patch Automation for Browsers with TruRisk™ Eliminate
blogs_qualys·2025-09-24·CVSS 9.8
CVE-2025-10585 [CRITICAL] Patch Automation for Browsers with TruRisk™ Eliminate
Recently, CISA added a Chrome zero-day vulnerability, CVE-2025-10585, to its Known Exploited Vulnerabilities (KEV) Catalog, confirming that threat actors are actively exploiting this high-severity flaw in real-world attacks.
This vulnerability affects multiple web browsers that utilize the Chromium engine, including Google Chrome, Microsoft Edge, Opera, and Brave.
CISA strongly urges all organizations and individual users to prioritize updating their browsers as part of essential vulnerability management practices.
A patch is available. You can find the vulnerability in Qualys VMDR and eliminate the risk as follows:
- Find the vulnerability in VMDR
- View Risk Elimination
- Create Remediation job
We just launched a
Qualys
Automated Browser Patching with Qualys TruRisk™ Eliminate | Qualys
blogs_qualys·2025-09-24·CVSS 9.8
CVE-2025-10585 [CRITICAL] Automated Browser Patching with Qualys TruRisk™ Eliminate | Qualys
Bleepingcomputer
Google fixes actively exploited sandbox escape zero day in Chrome
blogs_bleepingcomputer·2025-07-16·CVSS 8.8
[HIGH] Google fixes actively exploited sandbox escape zero day in Chrome
## Google fixes actively exploited sandbox escape zero day in Chrome
## Bill Toulas
ANGLE (Almost Native Graphics Layer Engine) is an open-source graphics abstraction layer used by Chrome to translate OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL.
Because ANGLE processes GPU commands from untrusted sources like websites using WebGL, bugs in this component can have a critical security impact.
The vulnerability allows a remote attacker using a specially crafted HTML page to execute arbitrary code within the browser’s GPU process. Google has not provided the technical details on how triggering the issue could lead to escaping the browser's sandbox.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” states Google in the
Bleepingcomputer
Grafana releases critical security update for Image Renderer plugin
blogs_bleepingcomputer·2025-07-03·CVSS 8.8
[HIGH] Grafana releases critical security update for Image Renderer plugin
## Grafana releases critical security update for Image Renderer plugin
## Bill Toulas
Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent.
Although the issues impact Chromium and were fixed by the open-source project two weeks ago, Grafana received a bug bounty submission from security researcher Alex Chapman proving their exploitability in the Grafana components.
Grafana describes the update as a "critical severity security release" and advises users to apply the fixes for the vulnerabilities below as soon as possible:
CVE-2025-5959 (high-severity, 8.8 score) – type confusion bug in the V8 JavaScript and WebAssembly engine allows remote code execution inside a sandbox via a crafted
Qualys
Zero-Day Vulnerability Protection | Detect & Stop Threats | Qualys
blogs_qualys·2025-04-18
Executive Summary
Zero-day vulnerabilities pose a significant and growing risk as opportunistic attackers rapidly exploit unknown flaws before fixes are available. These threats can bypass traditional defenses, spread rapidly, and cause widespread disruption across organizations.
To r
Qualys
Zero-Day Vulnerability Protection | Detect & Stop Threats | Qualys
blogs_qualys·2025-04-18
- 2025-06-30: Published
- 2025-07-02: Added to CISA KEV
- Exploited in the wild