Google Issues Urgent Update For Millions Of Chrome Users Amid Active 0-Day Exploit
Tracked as CVE-2025-6554 and described as a type confusion weakness, the flaw is exploited when a program tries to access a part of a computer's memory that it is not permitted to access. Users may notice a seemingly innocuous effect of this flaw when the Chrome browser crashes unexpectedly; however, when hackers exploit it, most users will not even know that cybercriminals are executing arbitrary code on their system.
This flaw's severity rating is considered high, and rightly so. Who would argue that a flaw that allows malicious actors to gain unwarranted access to a computer, install malicious software, and even exfiltrate data is not severe? As usual, Google did not reveal details of this vulnerability, as information released about it can cause further exploitation of the flaw. However, when it is ascertained that most Chrome users have patched their devices against this flaw, Google will likely release additional details about it.
Chrome users on the desktop are reportedly susceptible to this vulnerability, and there are no indications of any such flaw on Chrome mobile (Google recently added some features to the mobile browser, by the way). Google indicated that the flaw has been fixed in Chrome version 138.0.7204.96/.97 on Windows and in version 138.0.7204.96 on Linux. On Mac, the fix is in Chrome version 138.0.7204.92/.93.

If you use Google Chrome on PC, Linux or Mac, you should grab the update manually at your earliest convenience, given that the zero-day vulnerability is being actively exploited in the wild. Normally, your browser should update itself automatically. However, it is still worth checking that your browser is patched. To do this, click the three dots at the top right corner of your Chrome browser > Help > About Google Chrome.
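For anyone checking more than one machine, the same comparison can be scripted. The following is an added example, not part of the original article or any Google tooling: it compares reported Chrome version strings against the fixed builds listed above. The inventory rows are constructed sample data, and treating the lower build of each pair as the minimum patched version is an assumption.

```python
import re

# Fixed builds as stated in the article. Where the article gives a pair
# (e.g. .96/.97), the lower build is used as the floor (assumption).
FIXED = {
    "windows": (138, 0, 7204, 96),
    "linux": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part Chrome version from text such as the
    About page string or `google-chrome --version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(platform, version_text):
    """Return 'patched', 'needs-update' or 'unknown' for one host."""
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # unlisted platform or no version found
    # Tuple comparison is numeric per component, so 139.x counts as patched
    # and .100 would sort above .96 (a plain string comparison would not).
    return "patched" if version >= floor else "needs-update"


# Constructed inventory rows: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 138.0.7204.97"),
    ("ws-02", "windows", "Google Chrome 138.0.7204.50"),
    ("mb-01", "mac", "Version 138.0.7204.93 (Official Build) (arm64)"),
    ("lx-01", "linux", "Google Chrome 137.0.7151.119"),
    ("lx-02", "linux", "Google Chrome 139.0.7258.66"),
    ("ws-03", "windows", "chrome not found"),
]


def audit(rows):
    """Map each host to its patch status."""
    return {host: status(platform, text) for host, platform, text in rows}


if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as `unknown` should be checked by hand through Help > About Google Chrome rather than assumed safe.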