Chrome: Google plugs attacked security vulnerability

On Tuesday night, Google made an unplanned update to the Chrome browser. A security vulnerability is already under attack.


Google is distributing an unplanned update for the Chrome web browser – on virtually all supported platforms. The cause is a security vulnerability in the browser that has already been actively attacked on the internet.

In the release announcement, the Chrome developers write that the update only contains a security fix. The vulnerability is of the “type confusion” class, in which a piece of code is handed data of a type it does not expect. This triggers unexpected behavior. In this specific case, which affects the JavaScript engine V8, attackers can abuse it through carefully prepared, malicious websites to gain arbitrary read and write access (CVE-2025-6554 / no EUVD yet, no CVSS, risk “high” according to Google).

Google already distributed countermeasures for all platforms in the stable channel on June 26 through a configuration change. The vulnerability was discovered by the Google Threat Analysis Group on June 25. The developers are now closing the vulnerability properly with code changes. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the developers add, meaning that the vulnerability is already being abused by malicious actors.


The bug is ironed out in versions Chrome 138.0.7204.63 for Android, 138.0.7204.119 for iOS, 138.0.7204.96 for Linux, 138.0.7204.92/.93 for Mac and finally 138.0.7204.96/.97 for Windows. The developers have also upgraded the extended stable versions to 138.0.7204.93 for macOS and 138.0.7204.97 for Windows.

To check whether Chrome is already up-to-date, users can call up the version dialog. They can do this by clicking on the icon with the three stacked dots to the right of the address bar, and then clicking on “Help” and then “About Google Chrome”. This may also trigger the update process if the browser is out of date.

The Chrome version dialog shows the current software version. If necessary, it also offers to update the browser.


On other platforms, the app stores or, on Linux for example, the distribution's own package management are responsible for updating. As the Chromium code forms the basis for other web browsers such as Microsoft's Edge, these are also likely to distribute updated versions in the near future. Users should then install these quickly.
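For administrators who want to check more than one machine, the fixed builds listed above can be turned into a small inventory check. This is an added example, not code from Google or from the article; the inventory rows are constructed, and the floors are the stable-channel builds named in the text (extended stable and other Chromium-based browsers are not modelled).

```python
import re

# Minimum patched stable builds for CVE-2025-6554, taken from the article.
# Where two builds are listed (e.g. .92/.93), the lower one is the floor.
FIXED = {
    "android": "138.0.7204.63",
    "ios": "138.0.7204.119",
    "linux": "138.0.7204.96",
    "mac": "138.0.7204.92",
    "windows": "138.0.7204.96",
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of a string such as
    'Google Chrome 138.0.7204.96'; return a tuple of ints or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one inventory row."""
    floor = FIXED.get(platform.strip().lower())
    found = parse_version(version_text)
    if floor is None or found is None:
        return "unknown"  # unlisted platform or unparseable version
    # Compare as integer tuples: as plain strings, ".100" sorts below ".96".
    return "patched" if found >= parse_version(floor) else "outdated"


def audit(rows):
    """Return (host, status) for every host that is not confirmed patched."""
    return [(host, status) for host, platform, ver in rows
            if (status := classify(platform, ver)) != "patched"]


# Constructed inventory rows: (host, platform, reported version string)
SAMPLE = [
    ("ws-01", "Windows", "138.0.7204.49"),
    ("ws-02", "Linux", "Google Chrome 138.0.7204.100"),
    ("mb-03", "mac", "138.0.7204.92"),
    ("ph-04", "iOS", "138.0.7204.96"),
    ("kiosk-05", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual look rather than being treated as safe.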

Google last patched an already attacked vulnerability in Chrome at the beginning of June. The developers also closed that vulnerability by distributing a configuration change.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.