A critical zero-day vulnerability, CVE-2025-6554, in Google Chrome's V8 JavaScript engine is being actively exploited in the wild. This flaw allows remote attackers to perform arbitrary read and write operations via malicious HTML pages, potentially leading to complete system compromise. The vulnerability affects not only Google Chrome but also other Chromium-based browsers such as Microsoft Edge and Opera. Because so many browsers share the affected engine, the attack surface is broad, and immediate mitigation is required to prevent widespread exploitation.
Source: https://cybersecuritynews.com/cisa-chrome-0-day-vulnerability-2/
TPRM report: https://scoringcyber.rankiteo.com/company/google
"id": "goo358070325",
"linkid": "google",
"type": "Vulnerability",
"date": "7/2025",
"severity": "25",
"impact": "",
"explanation": "Attack without any consequences: Attack in which ordinary material is compromised, but no information had been stolen"
{'affected_entities': [{'industry': 'Technology',
'location': 'Global',
'name': 'Google',
'size': 'Large',
'type': 'Technology Company'},
{'industry': 'Technology',
'location': 'Global',
'name': 'Microsoft',
'size': 'Large',
'type': 'Technology Company'},
{'industry': 'Technology',
'location': 'Global',
'name': 'Opera',
'size': 'Large',
'type': 'Technology Company'}],
'attack_vector': 'Malicious HTML pages',
'description': 'CISA has issued an urgent warning about a critical zero-day '
'vulnerability in Google Chrome that attackers are actively '
'exploiting in the wild. The vulnerability, designated '
'CVE-2025-6554, affects the Chromium V8 JavaScript engine and '
'has been added to CISA’s Known Exploited Vulnerabilities '
'(KEV) catalog.',
'impact': {'systems_affected': ['Google Chrome',
'Microsoft Edge',
'Opera',
'Other Chromium-based browsers']},
'initial_access_broker': {'entry_point': 'Malicious HTML pages'},
'motivation': 'System compromise',
'post_incident_analysis': {'corrective_actions': ['Immediate patching',
'Discontinue use if patches '
'unavailable'],
'root_causes': 'Type confusion flaw in V8 '
'JavaScript engine'},
'recommendations': ['Immediate patching',
'Discontinue use if patches unavailable',
'Implement additional security controls'],
'references': [{'source': 'CISA'}],
'regulatory_compliance': {'regulatory_notifications': ['CISA KEV catalog',
'BOD 22-01']},
'response': {'remediation_measures': ['Immediate patching',
'Discontinue use if patches '
'unavailable']},
'title': "Critical Zero-Day Vulnerability in Google Chrome's V8 Engine",
'type': 'Zero-Day Exploit',
'vulnerability_exploited': 'CVE-2025-6554'}