Overview
Google has released a critical security update to address a zero-day vulnerability in the Chrome browser, actively exploited in the wild. The flaw, tracked as CVE-2025-6554, affects multiple platforms including Windows, macOS, and Linux.
Patch Release Date: July 1, 2025
Vulnerability Type: Use-after-free in WebRTC
Severity Level: Critical (0-day exploit in active use)
Discovered by: Google's Threat Analysis Group (TAG) and Google Project Zero
What is CVE-2025-6554?
CVE-2025-6554 is a use-after-free vulnerability in WebRTC, the real-time communications engine within Chrome. Exploiting this bug can allow remote attackers to execute arbitrary code, potentially taking full control of the affected system.
Google reports active exploitation, meaning attackers are already using this vulnerability in the wild.
Affected Versions
The vulnerability exists in the following versions:
- Google Chrome prior to 125.0.6422.142 for Windows/Mac/Linux
Patched version: Chrome 125.0.6422.142
How to Update
Chrome usually updates automatically, but users are encouraged to manually check for updates:
- Open Chrome.
- Click the three-dot menu → Help → About Google Chrome.
- Chrome will automatically check and install the latest update.
- Restart the browser after updating.
Security Recommendations
Google strongly advises all users to:
- Update Chrome immediately
- Monitor any unusual browser behavior
- Organizations should apply enterprise-level patching policies
Bonus Tip: Consider enabling Enhanced Protection in Chrome for proactive threat alerts.
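For organizations checking patch coverage, here is an added example (not part of the original advisory) that flags hosts reporting a Chrome build older than the patched version stated above. The hostnames and version readings are constructed sample data; the comparison is numeric per component because a plain string comparison would rank 125.0.6422.99 above 125.0.6422.142.

```python
import re

# Patched version as stated in this advisory.
PATCHED = "125.0.6422.142"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 125.0.6422.141' and return it as a tuple of ints.
    Returns None when the text contains no version."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(version_text, patched=PATCHED):
    """True if the reported version is older than the patched build.
    Raises ValueError on unparseable input so that hosts with unknown
    state are never silently counted as patched."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no Chrome version in {version_text!r}")
    return v < parse_version(patched)


def audit(inventory):
    """Sort (host, reported_version) pairs into three buckets."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, reported in inventory:
        try:
            key = "vulnerable" if is_vulnerable(reported) else "patched"
        except ValueError:
            key = "unknown"
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hostnames and readings).
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 125.0.6422.142"),
    ("ws-002", "Google Chrome 125.0.6422.99"),  # string compare ranks this newer
    ("ws-003", "Google Chrome 124.0.6367.207"),
    ("ws-004", "Google Chrome 126.0.6478.55"),
    ("ws-005", "chrome not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket need a manual check, since a missing reading says nothing about whether the browser is patched.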
Expert Commentary
"This exploit underscores the importance of rapid patch deployment. With WebRTC being a core part of modern browser communications, this type of vulnerability can open serious attack vectors."
- Chrome Security Team