Google Patches Fifth Chrome Zero-Day of 2025: CVE-2025-6554

Google has released a set of security patches to address multiple vulnerabilities in the Chrome browser, including one that has already been exploited in active attacks. 

Among the six vulnerabilities fixed, the most critical is CVE-2025-6558, which carries a CVSS score of 8.8. This flaw results from improper input validation in Chrome’s ANGLE and GPU components. It was reported by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG) on June 23, 2025. TAG focuses on tracking nation-state hackers and commercial spyware actors, one of whom is believed to have exploited this issue in the wild. 

According to Google’s advisory, "Google is aware that an exploit for CVE-2025-6558 exists in the wild." 

In addition to this, Google addressed the following high-severity vulnerabilities: 

  • CVE-2025-7656: An integer overflow in the V8 engine, reported by Shaheen Fazim on June 17, 2025. 
  • CVE-2025-7657: A use-after-free issue in WebRTC, reported by researcher jakebiles on June 25, 2025. 

Earlier in July, Google also patched CVE-2025-6554, another flaw exploited in the wild. This vulnerability is a type confusion bug in Chrome’s V8 JavaScript and WebAssembly engine. Discovered by Clément Lecigne on June 25, the issue was mitigated by a configuration update pushed to all platforms on June 26. 

A type confusion occurs when a program handles data incorrectly by interpreting it as the wrong type, which can lead to memory corruption, crashes, or remote code execution. 

CVE-2025-6554 marks the fourth Chrome zero-day vulnerability patched by Google in 2025. Other zero-days addressed this year include: 

  • CVE-2025-5419: An out-of-bounds read and write in V8 that can trigger heap corruption via a crafted HTML page. This flaw has been actively exploited. 
  • CVE-2025-4664: A browser vulnerability capable of leading to full account compromise. 
  • CVE-2025-2783: An issue in Mojo on Windows involving incorrect handle usage. It was reported by Kaspersky researchers Boris Larin and Igor Kuznetsov in March. Google issued out-of-band updates to fix this flaw, which was exploited in attacks against organizations in Russia. 

These patches are part of Google’s ongoing efforts to secure its browser against increasingly sophisticated and targeted threats. 

 
