Google has released emergency security updates for its Chrome browser to address a critical zero-day vulnerability that is actively being exploited in the wild.
The flaw, tracked as CVE-2025-6554, is described as a type confusion bug in Chrome's V8 JavaScript and WebAssembly engine.
Although Google has not disclosed details about the nature of the attacks or who may be behind them, the company confirmed that “an exploit for CVE-2025-6554 exists in the wild.”
The vulnerability was mitigated with a configuration change that was pushed out to Chrome's Stable channel across all platforms just a day after discovery.
This marks the fourth zero-day vulnerability in Chrome patched by Google in 2025, following CVE-2025-2783, CVE-2025-4664, and CVE-2025-5419.