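CVE-2025-6554: Google Chrome Zero-Day Caused by Type Confusion in V8 Engine
Google has released a Chrome security update that fixes the zero-day vulnerability CVE-2025-6554. The vulnerability is caused by type confusion in the V8 engine and allows an attacker to execute arbitrary code or read and write memory via a malicious HTML page. Affected are the Windows, macOS and Linux versions prior to 138.0.7204.96. The vulnerability could be used to plant spyware or execute malicious code. 2025-7-12 13:38:4 Author: infosecwriteups.com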

Om Maniya


Google just released a security update for a zero-day vulnerability in its Chrome browser, tracked as CVE-2025-6554.

This zero-day vulnerability was caused by type confusion in V8, Chrome's JavaScript and WebAssembly engine.

As stated by NIST in the National Vulnerability Database (NVD), it allowed an attacker to perform arbitrary reads/writes via a crafted HTML page. It was found in Google Chrome versions prior to 138.0.7204.96.

The issue was due to improper type checking in the V8 engine, and it could be exploited to trigger arbitrary code execution and to read or write memory outside the bounds of a buffer.

Zero-day bugs like this are a favourite of hackers because no immediate fix is available to stop the exploitation. In real-world scenarios, hackers use these bugs to install spyware on a victim's machine, download malicious files to it, or execute malicious code to harm users.

Affected Versions:

All versions prior to:

  1. Windows: 138.0.7204.96/.97
  2. macOS: 138.0.7204.92/.93
  3. Linux: 138.0.7204.96

Source: https://infosecwriteups.com/cve-2025-6554-google-chrome-zero-day-caused-by-type-confusion-in-v8-engine-417e1eab2f22?source=rss----7b722bfd1b8d--bug_bounty