What is CVE-2025-6554?
CVE-2025-6554 is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine used by Chromium-based browsers. A remote attacker can exploit this flaw via a crafted HTML page, allowing arbitrary read/write operations in memory. The zero-day vulnerability was first discovered and patched in Google Chrome, but also affects other Chromium-based browsers like Microsoft Edge and Opera. The vulnerability is currently being exploited in the wild, with possible use in highly targeted attacks, potentially by nation-state actors or for surveillance purposes.

What is a type confusion vulnerability?
A type confusion vulnerability (also known as type manipulation or type-unsafe access) occurs when a program or application accesses a resource, such as a variable or object, with a different type than it was originally allocated or initialized with.
Attackers can exploit these vulnerabilities to trigger unintended behavior and achieve various malicious outcomes, including cross-site scripting, denial of service, data exposure, access control bypass, file inclusion, and even remote code execution (RCE).
Type confusion bugs are especially dangerous in just-in-time (JIT) compilers like V8, which power dynamic languages such as JavaScript.

What is V8?
V8 is Google's open-source JavaScript and WebAssembly engine used in Google Chrome and many Chromium-based browsers. It compiles and runs JavaScript in real time, processing untrusted content from websites.
Because of its central role in browser security — and its exposure to the open web — V8 is a frequent target for attackers, especially in sophisticated campaigns.

Who is affected by CVE-2025-6554?
CVE-2025-6554 affects any browser built on Chromium’s codebase. The popularity of Chrome and the widespread adoption of the V8 engine in other Chromium-based browsers mean that a large number of users are potentially vulnerable to exploits, including users of:
- Google Chrome (security update)
- Microsoft Edge (security update)
- Opera (security update)
Due to the massive user base of these browsers, millions of users are at risk.

Is CVE-2025-6554 actively exploited?
Yes. Multiple indicators confirm active exploitation:
- Google TAG has confirmed ‘an exploit exists in the wild.’
- The vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog.
- The Exploit Prediction Scoring System (EPSS) estimates a 91% likelihood of exploitation within 30 days, ranking it among the top 10% of all known vulnerabilities.
This underscores the urgent need to patch all affected browsers immediately.

How to remediate CVE-2025-6554
Most browsers are configured to auto-update, but updates may not apply until the next browser restart. We recommend:
- Restart your browser immediately to apply the latest patch.
- Verify your browser version to ensure it’s up to date (Google Chrome: 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, and 138.0.7204.96 for Linux. Microsoft Edge: 138.0.3351.65).
- If you manage endpoints in a corporate environment, push the updates through your centralized endpoint management system without delay.
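The version check from the list above can be scripted across an inventory. The following is an added example, not Mondoo's code: the hostnames and reported version strings are constructed, and applying the single Edge build to every operating system is an assumption, since this page lists it without a platform.

```python
import re

# Minimum fixed builds as listed on this page (the lower build of each pair).
FIXED = {
    ("chrome", "windows"): "138.0.7204.96",
    ("chrome", "macos"): "138.0.7204.92",
    ("chrome", "linux"): "138.0.7204.96",
    # Assumption: the page names one Edge build and no platform.
    ("edge", "windows"): "138.0.3351.65",
    ("edge", "macos"): "138.0.3351.65",
    ("edge", "linux"): "138.0.3351.65",
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part build number from text such as --version output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(browser, os_name, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get((browser.lower(), os_name.lower()))
    found = parse_version(reported)
    if fixed is None or found is None:
        return "unknown"  # unlisted product/OS or unparseable output: check by hand
    # Compare as integers; as strings, "138.0.7204.100" would sort below ".96".
    return "patched" if found >= parse_version(fixed) else "vulnerable"


def audit(rows):
    """Map each host to its status."""
    return {host: status(b, o, v) for host, b, o, v in rows}


# Constructed inventory rows: (host, browser, os, reported version string)
INVENTORY = [
    ("ws-01", "chrome", "windows", "Google Chrome 138.0.7204.96"),
    ("mac-07", "chrome", "macos", "Google Chrome 138.0.7204.49"),
    ("lin-03", "chrome", "linux", "Google Chrome 138.0.7204.100"),
    ("ws-12", "edge", "windows", "138.0.3351.55"),
    ("ws-20", "opera", "windows", "120.0.5543.38"),  # no Opera build on this page
    ("lin-09", "chrome", "linux", "command not found"),
]

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

A "patched" result describes the installed version only; as noted above, the update does not take effect until the browser has been restarted.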
To make sure that all CVEs have been remediated and don’t reoccur, it’s important to continually scan your environment with a vulnerability management tool, such as Mondoo.

Detect CVE-2025-6554 with Mondoo
Mondoo scans your endpoints for vulnerabilities and alerts if it detects CVE-2025-6554 on any of your machines. Mondoo detects CVE-2025-6554 in Google Chrome and Microsoft Edge on all Windows, macOS, and Linux machines.


About Mondoo
Mondoo is an exposure management platform that identifies, prioritizes, and remediates vulnerabilities and misconfigurations in your entire IT infrastructure and SDLC from a single interface — including on-prem, cloud, SaaS, and endpoints. Unlike siloed approaches, Mondoo enables you to quickly understand your most urgent risks and initiate fast remediation, ensuring optimized security efforts and significantly improving security posture.