Upcoming Google Chrome Alert - Only 19 Days Remaining for Browser Upgrade
In a recent update, Google Chrome has addressed multiple high-severity security vulnerabilities, including two zero-day flaws that are currently being exploited in the wild.
The first vulnerability, CVE-2025-6558, is a high-severity (CVSS 8.8) zero-day affecting Chrome's ANGLE and GPU components. This vulnerability, discovered by Google's Threat Analysis Group on June 23, 2025, allows an attacker to craft a malicious HTML page that could potentially escape Chrome’s sandbox, compromising the victim’s entire device. This vulnerability affects Chrome versions prior to 138.0.7204.157.
The second zero-day, CVE-2025-6554, is a type confusion flaw in Chrome’s V8 JavaScript and WebAssembly engine. This bug, also discovered by Google’s TAG team, affects versions prior to 138.0.7204.96 and allows arbitrary memory read/write, potentially leading to code execution by opening crafted HTML content. This vulnerability was reported on June 25, 2025, and suggests targeted exploitation possibly by nation-state actors.
Google has released Chrome version 138.0.7204.157 (and later) which includes fixes for both zero-day vulnerabilities and a total of six security issues reported for July 2025. Users are strongly urged to update to at least this version promptly to mitigate these risks.
The Cybersecurity and Infrastructure Security Agency (CISA) has also referenced one of these vulnerabilities, urging all users to prioritize timely remediation of Known Exploited Vulnerabilities. The CISA deadline for updating Google Chrome is August 12.
To update Google Chrome, users can navigate to Settings > Help > About Google Chrome. After the update, it is necessary to relaunch the browser to activate the patched browser.
It's important to note that the discovery and disclosure of security vulnerabilities in Google Chrome does not mean that the browser is inherently unsafe. On the contrary, it allows for quick fixes and ensures ongoing protection for users. However, the ongoing security issues in Google Chrome should be a concern for all users, and it is crucial to update the browser as soon as possible to minimize potential risks.
| Vulnerability CVE | Description | Affected Versions | Fixed In Version | Severity (CVSS) | Exploitation Status | |-------------------|-------------------------------------|--------------------------|-----------------------|-----------------|----------------------------------| | CVE-2025-6558 | ANGLE/GPU input validation flaw causing sandbox escape | Prior to 138.0.7204.157 | ≥138.0.7204.157 | 8.8 (High) | Actively exploited in the wild | | CVE-2025-6554 | V8 engine type confusion allowing arbitrary memory access | Prior to 138.0.7204.96 | ≥138.0.7204.157 | 8.1 (High) | Actively exploited in the wild |
For more information, visit the Google Chrome security blog or the CISA website. It's recommended to enable automatic updates to ensure ongoing protection.
- In light of the recent CISA warning and the active exploitation of two zero-day vulnerabilities in Google Chrome, it's crucial to upgrade your Chrome browser to the latest version, as recommended by Google, to bolster your data-and-cloud-computing security and maintain technology protection.
- By updating your Google Chrome browser now, not only are you mitigating the risks posed by the High-severity zero-day vulnerabilities CVE-2025-6558 and CVE-2025-6554, but you're also emphasizing the importance of cybersecurity in the ever-evolving landscape of data-and-cloud-computing and technology.
