Google Patches Another Urgent Chrome Security Flaw
Updating Chrome now protects you from a major security flaw already being exploited, keeping your data and devices safe from potential attacks.
If you're using Chrome and haven’t updated your browser recently, now’s the time. Google has just patched yet another critical security flaw in Chrome and this one isn’t just theoretical. It’s already being exploited, and potentially by state-sponsored hackers.
The vulnerability, known as CVE-2025-6554, targets Chrome’s V8 JavaScript engine and stems from a type confusion bug. That means the browser ends up misreading data in memory, allowing attackers to perform unauthorized read and write operations. In plain English, someone could use this flaw to access your personal information, steal session tokens, or even deliver malware just by luring you to a compromised webpage.
The discovery came from Clément Lecigne of Google’s Threat Analysis Group, the team that usually steps in when nation-state activity is involved. That, paired with Google’s confirmation that the flaw is being actively abused in the wild, makes it likely this vulnerability was used in highly targeted campaigns, perhaps against journalists, political figures, or IT administrators.
Louis Eriakha
This isn’t an isolated case either. It marks the fourth zero-day Chrome has faced this year alone. The first three, CVE-2025-2783 in March, CVE-2025-4664 in May, and CVE-2025-5419 in June, were all patched under emergency conditions after reports of active exploitation. This growing list shows a worrying trend: browser vulnerabilities are becoming a favourite target in serious cyber operations.
Google has released the fix through Chrome version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, and 138.0.7204.96 for Linux. Most users will get the update automatically, but if you haven’t restarted your browser recently, it’s worth visiting chrome://settings/help to trigger it manually. Users of Chromium-based browsers like Edge, Brave, and Opera should also keep an eye out for their respective updates.
This marks yet another entry in what’s becoming an annual trend of Chrome zero-days, each more serious than the last. And while Google continues to react, the pace of discovery and exploitation is outpacing what simple patching can solve.
At the very least, staying up to date is no longer just best practice. It’s survival.
