CVE-2025-6554

ENISA EUVD: EUVD-2025-19675 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 7 articles Published: 2025-06-30

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

1.58%

probability

This CVE has a 1.58% probability of being exploited in the next 30 days.

0% Top 81.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.1

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Description

VulnerabilityLookup (CNA)

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google

Chrome

138.0.7204.96

google

chrome

Google

Chrome

138.0.7204.96 <138.0.7204.96

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-704 · Incorrect Type Conversion CWE-843 · Type Confusion

Google Project Zero

Patched

June 30, 2025

Reported by

Clément Lecigne of Google's Threat Analysis Group

Root Cause Analysis

???

Exploits & PoC

aklnjakln/CVE-2025-6554

31 2025-11-25

Muhammednihalmp/Google-chrome-zero-day

CVE-2025-6554

12 2025-11-09

gmh5225/CVE-2025-6554-2

2 2025-07-04

PwnToday/CVE-2025-6554

2 2025-08-28

ghostn4444/POC-CVE-2025-6554

1 2025-07-09

juccoblak/CVE-2025-6554

🔍 Demonstrate and validate the `addressof` and `fakeobj` primitives in the V8 sandbox for advanced security research on CVE-2025-6554.

1 2026-05-23

gmh5225/CVE-2025-6554

0 2025-07-04

LordBheem/CVE-2025-6554

CVE-2025-6554 PoC

0 2025-07-10

8 repos — triés par ⭐ Rechercher sur GitHub ↗

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html

https://issues.chromium.org/issues/427663123

Signal Intelligence

Confidenceⓘ

92%

EPSS 1.58%

CVSS v3.1 8.1

Mentions 7

Last Seen Dec 11, 2025

CNA Information

CNA Assigner

Chrome

Analyst Note

CVE-2025-6554 is confirmed as a zero-day with active in-the-wild exploitation, high CVSS score (8.1), and coverage by Google Project Zero and multiple reputable security sources. The type confusion vulnerability in V8 enabling arbitrary read/write through crafted HTML represents a credible critical threat with confirmed exploitation activity.