Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerability in Google Chrome
Alerts

Active Exploitation of Zero-Day Vulnerability in Google Chrome

1 July 2025

Google has released security updates to address a zero-day vulnerability in its Chrome browser. Users and administrators of affected products are advised to update to the latest versions immediately.

Background

Google has released security updates addressing a zero-day vulnerability (CVE-2025-6554) in their Chrome browser. 

Impact

Successful exploitation of the type confusion vulnerability in Google Chrome's V8 JavaScript could allow a remote attacker to perform arbitrary read/write operations through a crafted HTML page.

Known Exploitation

This vulnerability is reportedly being actively exploited.

Affected Products

This vulnerability affects versions of Google Chrome prior to 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac and 138.0.7204.92 for Linux.

Mitigation

Users of Chrome browsers are advised to upgrade their browser to the latest versions.

Users are also encouraged to enable automatic updates in Chrome browser to ensure that their software is updated promptly.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-6554

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html

https://cybersecuritynews.com/chrome-0-day-vulnerability-exploited/

Back to top