• Google has patched another urgent security flaw in Chrome - so up

    From TechnologyDaily@1337:1/100 to All on Wednesday, July 02, 2025 18:15:08
    Google has patched another urgent security flaw in Chrome - so update now or be at risk

    Date:
    Wed, 02 Jul 2025 17:02:00 +0000

    Description:
    High-severity Google Chrome bug is already being abused - and most likely by malicious nation-states.

    FULL STORY
    ======================================================================
    Google's TAG team finds high-severity bug in Chrome V8
    The bug allows threat actors to run arbitrary code on endpoints
    It is being actively exploited, so users should patch now

    Google has fixed a high-severity Chrome vulnerability which was allegedly being exploited in the wild, possibly by nation-state threat actors.

    In a new security bulletin, Google said it addressed a type confusion issue
    in Chrome V8, tracked as CVE-2025-6554, which allowed threat actors to
    perform arbitrary read/write operations, potentially giving way to sensitive data theft, token exfiltration, or even malware and ransomware deployment.

    The V8 engine is Google's open-source, high-performance JavaScript and WebAssembly engine used in Chrome and other Chromium-based browsers to
    execute web code efficiently. The bug caused V8 to incorrectly interpret
    data, leading to unintended behavior. In theory, a threat actor could serve a specially crafted HTML page to a target, which could trigger the RCE.

    Nation-states and other adversaries

    The bug was given a severity score of 8.1/10 - high, and was addressed in versions 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, and 138.0.7204.96 for Linux, on June 26.

    In the advisory, Google confirmed the bug was being actively abused, but decided not to share any details until the majority of the browsers are patched. Usually, Chrome automatically installs the patches, but just in
    case, you might want to head over to chrome://settings/help and allow Chrome to look for updates.
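
An added example (not part of the original article or Google's advisory) for checking a fleet rather than a single browser: it compares reported Chrome versions against the fixed builds listed above. It assumes that any build numerically at or above the lowest fixed build listed for a platform carries the fix; the host names and inventory rows are constructed.

```python
# Added example: triage Chrome versions against the fixed builds the
# article lists for CVE-2025-6554. Inventory data below is constructed.

# Lowest fixed build per platform, taken from the article.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "macos": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, version):
    """Return 'patched', 'vulnerable', 'unknown-platform' or 'unparseable'."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "unknown-platform"
    try:
        found = parse_version(version)
    except ValueError:
        return "unparseable"
    # Tuple comparison is numeric per field, so .100 sorts above .96
    # (a plain string comparison would get that wrong).
    return "patched" if found >= fixed else "vulnerable"

def triage(inventory):
    """Annotate (host, platform, version) rows with their status."""
    return [(h, p, v, status(p, v)) for h, p, v in inventory]

# Constructed sample inventory (assumption: hosts report version strings).
INVENTORY = [
    ("ws-001", "Windows", "138.0.7204.97"),
    ("ws-002", "Windows", "137.0.7151.120"),
    ("mac-01", "macOS", "138.0.7204.92"),
    ("lin-01", "Linux", "138.0.7204.92"),
    ("lin-02", "Linux", "138.0.7204.100"),
    ("kiosk1", "Windows", "138.0.7204"),
]

if __name__ == "__main__":
    for host, platform, version, state in triage(INVENTORY):
        print(f"{host:8} {platform:8} {version:18} {state}")
```

Rows marked unparseable or unknown-platform need a manual check rather than being counted as patched.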

    While Google kept the details under wraps, knowing who blew the whistle tells us a little more about potential abusers. The bug was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG), a cybersecurity arm that usually investigates nation-state threat actors.

    If TAG was looking into this bug, and we know it's abused in the wild, then
    it's safe to assume that it was used by nation-states in highly targeted attacks. Previous V8 flaws have been abused in campaigns against high-profile targets in the past, including journalists, dissidents, IT admins, and
    similar people.

    Via Infosecurity Magazine



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-just-patched-another-urgent-security-flaw-in-chrome-so-update-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)