Be very alert — if you’re one of the millions of people who use Google Chrome daily, a serious vulnerability has just been discovered, and cybercriminals didn’t waste a second to start exploiting it.
The bug, listed as CVE-2025-6554, allows attackers to take control of your computer just by getting you to visit a malicious website. And yes, there are already confirmed cases of active attacks.
This type of vulnerability, known as “type confusion,” affects V8, the JavaScript engine that Chrome uses to run web pages and applications. Basically, hackers can trick the browser into mismanaging memory and executing arbitrary code on your machine, giving them free rein to steal data, install malware, or even lock you out of your system.
Google has reacted quickly, mainly due to the severity of the threat, but the only way to stay protected is to update Chrome to the latest version.
A Failure That Is Already Being Exploited — You Must Update Now
Clément Lecigne, one of Google’s top cybersecurity experts, raised the alarm on June 25. Just one day later, Google applied a temporary mitigation to curb the attacks but made it clear that the permanent fix requires users to update Chrome immediately.
The update is now available for:
- Windows: versions 138.0.7204.96/.97
- Mac: versions 138.0.7204.92/.93
- Linux: version 138.0.7204.96
There’s a reason why this update is being emphasised so strongly — the attacks are already happening. It’s one thing for hackers to find a vulnerability, but it’s another when they actively start exploiting it before a fix reaches users.
This is exactly what’s happening now. Hackers have found a way to exploit the bug and are launching campaigns via malicious websites and apps you should definitely avoid downloading. If you fall into one of these traps, hackers could gain full control of your system — files, saved passwords, browsing history, and more.
What You Should Do Now
Go to Chrome > Settings > About Chrome and let the browser check for updates. The process is automatic, and once the update installs, just restart Chrome to be protected.
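If you look after more than one machine, the same check can be scripted. The following is an added example, not part of the original article or any Google tooling: it compares version strings (as shown on the About Chrome page or printed by the browser's `--version` output) against the patched builds listed above. It assumes the lower build of each listed pair is the minimum safe version, and the hostnames and sample inventory are constructed for illustration.

```python
import re

# Minimum patched builds per platform, from the list in this article
# (assumption: the lower build of each listed pair is the minimum).
PATCHED = {
    "windows": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from a free-form version string."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(platform, version_text):
    """True if the version is at or above the patched build for the platform.
    Tuples compare numerically, so build .100 correctly ranks above .96."""
    return parse_version(version_text) >= PATCHED[platform.lower()]


def audit(inventory):
    """Return hosts that still need the update. Entries with an unknown
    platform or unreadable version are flagged rather than skipped."""
    needs_update = []
    for host, platform, version_text in inventory:
        try:
            ok = is_patched(platform, version_text)
        except (ValueError, KeyError):
            ok = False
        if not ok:
            needs_update.append(host)
    return needs_update


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "windows", "Version 138.0.7204.97 (Official Build) (64-bit)"),
    ("ws-02", "windows", "Version 138.0.7204.50 (Official Build) (64-bit)"),
    ("mac-01", "mac", "Version 138.0.7204.92 (Official Build) (arm64)"),
    ("lin-01", "linux", "Google Chrome 137.0.7000.1"),
    ("lin-02", "linux", "Google Chrome 138.0.7204.100"),
    ("kiosk-01", "linux", "unknown"),
]

if __name__ == "__main__":
    print("Hosts needing update:", audit(SAMPLE))
```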
Chrome Extensions Also Pose Serious Risk
Cybersecurity concerns with Chrome aren’t limited to this one exploit. Recently, it was discovered that some popular Chrome extensions also pose significant threats.
For example:
- PDF Toolbox — With over 2 million users and a 4.2 rating, this extension was found accessing external servers to track every page a user visited.
- Autoskip for YouTube — Another extension that accessed user data without proper permissions.
The core issue isn’t just the danger of accidentally downloading one of these — it’s systemic. A study found that 51% of extensions from Google and Microsoft’s stores pose risks to users.
The main threats include:
- Unauthorised data access
- Malicious code execution via browser
Google routinely scans and removes dangerous extensions from the Chrome Web Store, even popular ones. Still, this proves that high ratings and download numbers don’t guarantee safety.
While Google and other tech companies continue to invest in detection systems and collaborate with researchers, it’s never quite enough. Hackers often stay one step ahead.
The Best Defence Is You
Ultimately, the strongest protection is your own vigilance. Be cautious about where you download apps or extensions, and stay informed. A little common sense and awareness go a long way in making sure you don’t become the next victim.