- Google’s TAG team finds a high-severity bug in Chrome V8
- The bug allows threat actors to run arbitrary code on endpoints
- It is being actively exploited, so users should patch now
Google has fixed a high-severity Chrome vulnerability that was allegedly exploited in the wild, possibly by nation-state threat actors.
In a new security bulletin, Google said it was addressing a type confusion issue in Chrome V8, tracked as CVE-2025-6554, which allowed threat actors to perform arbitrary read/write operations, potentially allowing sensitive data theft, token exfiltration, or even malware and ransomware deployment.
The V8 engine is Google’s open-source, high-performance JavaScript and WebAssembly engine, used in Chrome and other Chromium-based browsers to run web code efficiently. The bug caused V8 to misinterpret data, which led to unintended behavior. In theory, a threat actor could serve a specially crafted HTML page to a target that could trigger RCE.
Nation-states and other adversaries
The bug was given a severity score of 8.1/10 (high), and was addressed in versions 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS and 138.0.7204.96 for Linux, June 26.
In that advisory, Google confirmed that the bug was being actively abused, but decided not to share any details until most browsers are patched. Usually, Chrome installs patches automatically, but just in case, you may want to go to chrome://settings/help and let Chrome check for updates.
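For anyone checking more than one machine, the fixed builds listed above can be turned into a quick inventory triage. This is an added example, not code from Google or the article; the inventory format, host names and sample versions are constructed, and the check only applies to Google Chrome itself, since other Chromium-based browsers use their own version numbers.

```python
# Lowest fixed build per platform for CVE-2025-6554, as quoted in the article.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "macos": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

def parse_version(text):
    """Turn '138.0.7204.96' into (138, 0, 7204, 96); raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "unknown"  # platform not in the article's list
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable: review by hand, never assume patched
    # Tuples compare numerically per component, so .100 correctly beats .96.
    return "patched" if installed >= fixed else "vulnerable"

def triage(rows):
    """Group hostnames by status so vulnerable and unknown hosts stand out."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version in rows:
        report[status(platform, version)].append(host)
    return report

# Constructed inventory rows: (hostname, platform, reported Chrome version).
SAMPLE = [
    ("ws-01", "Windows", "138.0.7204.97"),
    ("ws-02", "Windows", "138.0.7204.49"),
    ("mac-01", "macOS", "138.0.7204.92"),
    ("lnx-01", "Linux", "138.0.7204.100"),
    ("lnx-02", "Linux", "137.0.7151.119"),
    ("kiosk-01", "ChromeOS", "138.0.7204.96"),
    ("ws-03", "Windows", "unknown"),
]

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE).items():
        print(f"{state:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check rather than being counted as patched.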
While Google kept the details under wraps, knowing who blew the whistle tells us a little more about the potential abusers. The bug was discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG), a cybersecurity arm that usually investigates nation-state threat actors.
If TAG looked at this bug and we know it is being abused in the wild, it is safe to assume that it was used by nation-states in highly targeted attacks. Previous V8 flaws have been abused in campaigns against high-profile targets in the past, including journalists, dissidents, administrators and similar people.
Via Infosecurity Magazine



