
Chrome CVE-2025-6554

EUVD-2025-19675 | HIGH
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2025-06-30 chrome-cve-admin@google.com
CVSS 3.1: 8.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Event               Date                    Source      Detail
Patch released      Mar 31, 2026 - 21:13    nvd         Patch available
EUVD ID Assigned    Mar 16, 2026 - 01:25    euvd        EUVD-2025-19675
Analysis Generated  Mar 16, 2026 - 01:25    vuln.today
Added to CISA KEV   Oct 24, 2025 - 14:11    cisa        CISA KEV
PoC Detected        Oct 24, 2025 - 14:11    vuln.today  Public exploit code
CVE Published       Jun 30, 2025 - 22:15    nvd         HIGH 8.1

Description (NVD)

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Analysis (AI)

Chrome's V8 engine contains a type confusion vulnerability (CVE-2025-6554, CVSS 8.1) enabling arbitrary read/write operations through crafted HTML pages. The CVE is listed in CISA KEV and public PoC code exists. Type confusion in V8 is the most reliable class of browser exploitation primitives, providing full memory read/write capability for code execution within the renderer sandbox.

Technical Context (AI)

V8 type confusion occurs when the JIT compiler makes incorrect assumptions about an object's type, generating machine code that accesses memory using the wrong offsets and sizes. This provides the attacker with arbitrary read/write primitives — the most powerful exploitation building blocks. Type confusion bugs in V8 are considered the gold standard for browser exploitation because they provide reliable, flexible memory access.

Remediation (AI)

Update Chrome to 138.0.7204.96 or later. Update all Chromium-based browsers. In enterprise environments, push updates via Group Policy.

Vendor Status (Vendor)

Debian

chromium
Release                        Status      Fixed Version              Urgency
bullseye (security), bullseye  vulnerable  120.0.6099.224-1~deb11u1   -
bookworm                       fixed       138.0.7204.92-1~deb12u1    -
bookworm (security)            fixed       146.0.7680.71-1~deb12u1    -
trixie                         fixed       145.0.7632.159-1~deb13u1   -
trixie (security)              fixed       146.0.7680.71-1~deb13u1    -
forky                          fixed       146.0.7680.71-1            -
sid                            fixed       146.0.7680.80-1            -
bullseye                       fixed       (unfixed)                  end-of-life
(unstable)                     fixed       138.0.7204.92-1            -
