Update your Chrome to fix new actively exploited zero-day vulnerability – Malwarebytes

/in , /by

Activate Subscription >
Add devices or upgrade >
Renew Subscription >
Billing >
Don’t have an account?
Sign up >

< Products
Have a current computer infection?
Try our antivirus with a free, full-featured 14-day trial
Get your free digital security toolkit
Find the right cyberprotection for you

< Business
< Pricing
Protect your personal devices and data
Protect your team’s devices and data – no IT skills needed
Explore award-winning endpoint security for your business
< Resources

< Support
Malwarebytes and Teams Customers
Nebula and Oneview Customers
Google has released an update for its Chrome browser to patch an actively exploited flaw.
This update is crucial since it addresses an actively exploited vulnerability which can be exploited when the user visits a malicious website. It doesn’t require any further user interaction, which means the user doesn’t need to click on anything in order for their system to be compromised.
The update brings the Stable channel to 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac and 138.0.7204.96 for Linux.
The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.
To manually get the update, click the more menu (three stacked dots), then choose Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is reload Chrome in order for the update to complete, and for you to be safe from the vulnerability.
You can find more elaborate update instructions and the version number information in our article on how to update Chrome on every operating system.
The vulnerability, tracked as CVE-2025-6554 is a type confusion in V8 in Google Chrome that, prior to 138.0.7204.96, could have allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
A type confusion bug happens when code doesn’t verify the object type passed to it, and then uses the object without type-checking. Unfortunately, this bug occurs on the V8 JavaScript engine, Google’s open-source JavaScript engine.
The browser mistakenly treats a piece of data as the wrong type, which lets attackers manipulate memory in unintended ways. This can allow them to perform unauthorized read and write operations in the browser’s memory.
Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on June 25, 2025. The TAG group focuses on spyware and nation-state attackers who abuse zero days for espionage purposes.
We don’t just report on browser vulnerabilities, Malwarebytes’ Browser Guard protects your browser against malicious websites and credit card skimmers, blocks unwanted ads, and warns you about relevant data breaches and scams.
SHARE THIS ARTICLE
July 10, 2025 – Deepfake attacks aren't just for recruitment and banking fraud; they've now reached the highest levels of government.
July 10, 2025 – The job applicants' personal information could be accessed by simply guessing a username and using the password “12345.”
July 9, 2025 – Researchers have discovered a campaign of malicious browser extensions that were available in the official Chrome and Edge web stores.
July 8, 2025 – Google says its Gemini AI will soon be able to access your messages, WhatsApp, and utilities on your phone. But we're struggling to see that as a good thing.
July 8, 2025 – If someone is going to negotiate with criminals for you, that person should at least be on your side.
ABOUT THE AUTHOR
Pieter Arntz
Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.
Contributors
Threat Center
Podcast
Glossary
Scams
Cyberprotection for every one.
COMPUTER SECURITY
MOBILE SECURITY
PRIVACY PROTECTION
IDENTITY PROTECTION
LEARN ABOUT CYBERSECURITY
PARTNER WITH MALWAREBYTES
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
2445 Augustine Drive
Suite 550
Santa Clara, CA
USA, 95054
ABOUT MALWAREBYTES
WHY US
GET HELP
Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.
© 2025 All Rights Reserved

source

You might also like
15 DIY SEO Strategies That Boosted My Startup's Visibility – Entrepreneur
Local SEO: How To Make More Customers Click, Choose & Walk Through Your Doors [Webinar] – Search Engine Journal
5 Social Media Strategies You Can Use to Boost Your SEO – Search Engine Journal
Best Online Reputation Management Companies: Your Ultimate 2025 Guide – Detroit Metro Times
Compare generative AI vs. LLMs: Differences and use cases – TechTarget
SEO redefined: adapting to a new era of digital marketing – Campaign
How To Make Money With SEO: Tips for Ecommerce Brands (2024) – Shopify
5 Key Digital Marketing Statistics to Improve Your Law Firm's Strategy in 2025 – Entrepreneur