Get all your news in one place.

100’s of premium titles.
One app.

Get all your news in one place.

100’s of premium titles. One news app.

PC Gamer

Jess Kinghorn

Fresh zero-day vulnerability in Chrome found to be actively exploited by hackers in the wild

BERLIN, GERMANY - APRIL 22: The logo of the webbrowser Google Chrome is shown on the display of a smartphone on April 22, 2020 in Berlin, Germany.

When was the last time you updated your web browser? Are your palms sweaty? Knees weak, arms heavy, mom's spaghetti? Well, as the saying goes the best time to plant a tree/update your web browser/begin your illustrious rap career was probably long before today but the next best time is right now—and it's just as well as the National Vulnerability Database has just catalogued a zero-day flaw in Chrome.

CVE-2025-6554 is essentially a type confusion error in the V8 Javascript engine. This flaw has been spotted in the wild, and as the NVD entry explains, has been leveraged to allow "a remote attacker to perform arbitrary read/write via a crafted HTML page." Basically, if you're using a version of Chrome older than 138.0.7204.96, simply visiting a dodgy website could allow a hacker to execute code on your device.

This vulnerability was flagged to Google by Clément Lecigne of the company's internal Threat Analysis Group on June 25, leading to a speedy stable channel update less than a week later. If you're on either version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac or 138.0.7204.92 for Linux, the vulnerability should no longer be as pressing an issue.

I say 'as pressing' because this Javascript error has been the root of a number of zero-day vulnerabilities in the past as well. For instance, of the ten zero-day vulnerabilities Bleeping Computer counted in 2024 alone, a V8 type confusion error played a role in about half of them. It's very much a known issue.

Chrome usually updates automatically whenever it detects a new version is available. However, it also can't hurt to peek behind the three dots, check under 'Help,' and then look in 'About Google Chrome' just to ensure you're all up to date. That said, it's not just Google Chrome that could be affected by this security flaw.

Chromium-based browsers, such as Microsoft Edge, DuckDuckGo, and Opera, may also share this vulnerability. DeGoogling like PewDiePie is all well and good, but it's a company with its AI-generated, too-many-fingers in many different pies. So, I'm going to ask you once more—when was the last time you updated your web browser?

Sign up to read this article

Read news from 100’s of titles, curated specifically for you.

Already a member? Sign in here

Top stories on inkl right now

US group allegedly ran fake law firm and court proceedings to scam immigrants

US group allegedly ran fake law firm and court proceedings to scam immigrants

Federal prosecutors have arraigned four people in New Jersey, with a fifth at large in Colombia

The Guardian - US

A helicopter heads into California’s Sierra Nevada as crews battle brutal conditions to recover 8

A helicopter heads into California’s Sierra Nevada as crews battle brutal conditions to recover 8

Crews are working to recover victims after an avalanche in California’s Sierra Nevada killed eight people and left one missing

The Independent UK

Trump approves federal emergency declaration for Potomac River sewage spill

Trump approves federal emergency declaration for Potomac River sewage spill

Millions of gallons of raw sewage have been pouring into the water through a ruptured pipe since last month

The Guardian - US

Willie Colón, salsa singer and musician, dies aged 75

Willie Colón, salsa singer and musician, dies aged 75

The musician’s family announced his death in a post on Facebook

The Independent UK

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Trump DoJ bids to join lawsuit alleging LA schools discriminate against a ‘new minority: white students’

Trump DoJ bids to join lawsuit alleging LA schools discriminate against a ‘new minority: white students’

LAUSD provides resources to diverse schools in an effort to combat segregation – Pam Bondi’s agency wants it to stop

The Guardian - US

Recovering Brad Keselowski has road ace Joey Hand on standby for COTA

Recovering Brad Keselowski has road ace Joey Hand on standby for COTA

The 2012 Cup Series champion broke his right femur in December

Related Stories

Top stories on inkl right now

US group allegedly ran fake law firm and court proceedings to scam immigrants

US group allegedly ran fake law firm and court proceedings to scam immigrants

Federal prosecutors have arraigned four people in New Jersey, with a fifth at large in Colombia

The Guardian - US

A helicopter heads into California’s Sierra Nevada as crews battle brutal conditions to recover 8

A helicopter heads into California’s Sierra Nevada as crews battle brutal conditions to recover 8

Crews are working to recover victims after an avalanche in California’s Sierra Nevada killed eight people and left one missing

The Independent UK

Trump approves federal emergency declaration for Potomac River sewage spill

Trump approves federal emergency declaration for Potomac River sewage spill

Millions of gallons of raw sewage have been pouring into the water through a ruptured pipe since last month

The Guardian - US

Willie Colón, salsa singer and musician, dies aged 75

Willie Colón, salsa singer and musician, dies aged 75

The musician’s family announced his death in a post on Facebook

The Independent UK

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Trump DoJ bids to join lawsuit alleging LA schools discriminate against a ‘new minority: white students’

Trump DoJ bids to join lawsuit alleging LA schools discriminate against a ‘new minority: white students’

LAUSD provides resources to diverse schools in an effort to combat segregation – Pam Bondi’s agency wants it to stop

The Guardian - US

Recovering Brad Keselowski has road ace Joey Hand on standby for COTA

Recovering Brad Keselowski has road ace Joey Hand on standby for COTA

The 2012 Cup Series champion broke his right femur in December

Our Picks

‘Honestly a PSA’: Woman forgets to pack underwear for a trip. Her ‘trick’ has people vowing to never drink hotel coffee again

A St. Louis woman posted a disgusting and unsanitary life hack that has people questioning every cup of coffee they have ever had in a hotel room.

Kelly Osbourne describes grief as a 'quiet weight' - seven months after dad Ozzy Osbourne's death

Kelly Osbourne has described grief as the "quiet weight you learn to carry" - seven months after her dad, Ozzy Osbourne, died.

If Bond 26 Is An Origin Story, I Have A Wild Idea For The Movie

There’s an oft-overlooked bit of Bond history that could work here.

Who is Adonis? American travel streamer detained after assault clash with Romanian local during viral Bucharest livestream

American streamer Adonis was detained in Bucharest after a livestream fight with a Romanian local who allegedly spat on him. The viral video shows a heated argument before punches were thrown. Police arrived at the scene, and the local was treated by medics. Adonis later posted a cryptic message on…

The Times of India

Turns Out Liza Minnelli And Lady Gaga's Viral Oscars Moment Allegedly Has An Upsetting Backstory

I'm ready to hear more on this.

Paris Hilton says she has ‘rejection sensitivity dysphoria’ – here’s what it is and how it’s linked to ADHD

American media personality Paris Hilton recently shared on a podcast that she suffers from rejection sensitivity dysphoria, or RSD. Hilton, who has been diagnosed with ADHD, says the condition is common in people with the disorder. She also spoke of the impact RSD has had on her mental health over…

The Conversation

Fourteen days free

Download the app

One app. One membership.
100+ trusted global sources.

Download on the AppStore

Get it on Google Play