Google fixes another 0-day vulnerability in Chrome, advises to update asap

If you have installed Google Chrome on one of your devices, then you may want to start the browser’s update engine immediately to update it to the latest version.

Google released a new version of Chrome for desktop and Android to fix a 0-day vulnerability in the browser. This one is exploited in the wild, which means that there is a chance that the issue may be exploited when you run older versions of the Google browser.

The official release notes list CVE-2025-6554 as a type confusion issue in V8, the JavaScript engine that Google Chrome uses. A type confusion vulnerability exploits a flaw in software where a program mistakes a specific type of data for another. This can lead to unexpected behavior, which threat actors may exploit in attacks.

Google mentions that the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on June 25th, 2025. Google says that it mitigated the issue a day later by pushing a configuration change to the stable channel of the browser across all platforms.

This suggests that most devices — all that received the configuration change — are protected from attacks targeting the vulnerability. Still, it is recommended to update the browser immediately.

Desktop users, those who run Google Chrome on Windows, Mac, or Linux devices may select Menu > Help > About Google Chrome to do so. Chrome runs a check for updates and will install the new version automatically. Note that a restart of the browser is necessary to complete the process.

Tip: Windows users may also run winget upgrade google.chrome.exe in Terminal to upgrade the browser to the new version without first starting it.

Android users are not so lucky. The update depends on Google Play in that case, and that may take a while. There is no option to speed up the installation of the mobile browser on Android, if installed via Google Play.