CISA Known Exploited Vulnerability (KEV)
Google Chromium V8 Type Confusion Vulnerability
July 2, 2025
July 23, 2025
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Description
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
References
Weakness Enumeration
| CWE-ID | CWE Name |
|---|---|
|
CWE-843 |
Access of Resource Using Incompatible Type (‘Type Confusion’) |