CVE CVE

CVE-2025-6554

CISA Known Exploited Vulnerability (KEV)

Google Chromium V8 Type Confusion Vulnerability

July 2, 2025

July 23, 2025

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Weakness Enumeration

CWE-ID CWE Name

CWE-843
Access of Resource Using Incompatible Type (‘Type Confusion’)

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
8.1
Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS v2

Not defined