Google Patches New Zero-Day Vulnerability in Browsers Like Chrome and Edge

Last week, Google released a patch for its Chrome browser. The underlying flaw also affects other Chromium-based browsers, like Microsoft Edge. This update doesn’t include new features or user-facing changes. Instead, its main purpose is to patch a zero-day vulnerability with a known exploit, making this a particularly important update to install.
The zero-day in question is tracked as CVE-2025-6554, and is a type confusion flaw. According to the release notes, “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.”
As The Hacker News explains, type confusion flaws can be dangerous. Bad actors can exploit these types of flaws in many ways that result in unexpected behavior, like arbitrary code execution (the ability to run malicious code on your machine), or crashing your programs.
Any zero-day vulnerability is important to patch as soon as possible. A zero-day is a flaw that is discovered or exploited before the software developer can issue a patch. In this case, Google is aware of an exploit in the wild for this vulnerability, which means that unpatched browsers are vulnerable to any bad actors who have discovered the exploit thus far.
A silver lining here, however, is that Google did address the issue quickly before even issuing this patch. Once the flaw was discovered on June 25, Google was able to issue a configuration change the following day, protecting users while the company worked to develop a patch. Now that the patch is out, it is important for all users to update as soon as possible.
Because Microsoft Edge runs on the same underlying platform as Chrome (Chromium), it is also affected by this zero-day flaw. Updates tend to roll out for other Chromium browsers later than for Google’s own Chrome browser, but make sure to update Edge as soon as possible, and keep it current with each new release.