Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code

Google has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers.

The flaw, tracked as CVE-2025-6554, is a type confusion vulnerability in Chrome’s V8 JavaScript engine, which underpins the browser’s ability to process web content across Windows, macOS, and Linux platforms.

The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG) on June 25, 2025. According to Google, attackers have already developed and deployed exploits targeting this flaw in the wild, prompting the company to act quickly. 

The bug allows a remote attacker to perform arbitrary read and write operations in the browser’s memory by luring users to maliciously crafted web pages. Successful exploitation could enable attackers to execute arbitrary code, potentially ...