Chrome web browser: security vulnerability under attack
On Tuesday night, Google released an unplanned update to the Chrome browser. A security vulnerability is already under attack.
Google is distributing an unplanned update for the Chrome web browser on all supported platforms. The reason is a security vulnerability in the browser that is already being actively attacked on the internet.
In the release announcement, the Chrome developers write that the update contains only a security fix. The vulnerability is a type confusion, in which program code receives data of a type it does not expect. This triggers unexpected behavior; in this specific case, which affects the JavaScript engine V8, attackers can abuse it through carefully prepared, malicious websites to gain arbitrary read and write access (CVE-2025-6554 / no EUVD yet, no CVSS, risk "high" according to Google).
Vulnerability under attack
Google already distributed countermeasures for all platforms in the stable channel on June 26 through a configuration change. The Google Threat Analysis Group discovered the vulnerability on June 25. The developers are now closing the vulnerability properly with code changes. "Google is aware that an exploit for CVE-2025-6554 exists in the wild," the developers add, meaning the vulnerability is already being abused by malicious actors.
The bug is fixed in Chrome 138.0.7204.63 for Android, 138.0.7204.119 for iOS, 138.0.7204.96 for Linux, 138.0.7204.92/.93 for Mac and 138.0.7204.96/.97 for Windows. The developers have also upgraded the extended stable versions to 138.0.7204.93 for macOS and 138.0.7204.97 for Windows.
Check the current version
To check whether Chrome is already up to date, users can open the version dialog: click the icon with the three stacked dots to the right of the address bar, then "Help", then "About Google Chrome". This may also trigger the update process if the browser is out of date.
On other platforms, the app stores are responsible for updating; under Linux, for example, it is the distribution's own package management. As the Chromium code forms the basis for other web browsers such as Microsoft's Edge, these are also likely to distribute updated versions in the near future. Users should install those updates promptly.
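For administrators who need to check more than one machine, the following added example (not part of the original article or of any Google tooling) compares reported Chrome version strings against the lowest fixed stable build per platform listed above. The host names and the inventory format are hypothetical, and the sample data is constructed.

```python
import re

# Lowest fixed build per platform, from the version list in this article.
FIXED = {
    "android": "138.0.7204.63",
    "ios": "138.0.7204.119",
    "linux": "138.0.7204.96",
    "mac": "138.0.7204.92",
    "windows": "138.0.7204.96",
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(platform, version_text):
    """True if the reported version is at or above the fixed build."""
    # Tuples compare numerically per component, so .119 > .63 (strings would not).
    return parse_version(version_text) >= parse_version(FIXED[platform.lower()])


def audit(inventory):
    """Return hosts that still need the update or need manual review."""
    outdated = []
    for host, platform, version_text in inventory:
        try:
            if not is_patched(platform, version_text):
                outdated.append(host)
        except (KeyError, ValueError):
            outdated.append(host)  # unknown platform or unparsable version
    return outdated


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 138.0.7204.97"),
    ("ws-02", "windows", "Google Chrome 138.0.7204.50"),
    ("ph-01", "ios", "138.0.7204.63"),
    ("mac-01", "mac", "Google Chrome 138.0.7204.49"),
    ("kiosk", "linux", "unknown"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts on the extended stable channel should be checked against the extended stable builds named above instead.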
Google last patched a vulnerability in Chrome that was already under attack at the beginning of June. The developers initially mitigated that vulnerability by distributing a configuration change as well.
Found on https://www.heise.de/news/Chrome-Google-stopft-attackierte-Sicherheitsluecke-10465615.html