
Emergency Update Fixes High-Severity Zero-Day in Google Chrome 138

02/07/2025
By Laura Libeer

Google has released emergency security updates for Chrome 138 to patch a zero-day vulnerability (CVE-2025-6554) that is already being exploited in the wild. We have added a new report to Lansweeper to help you locate vulnerable Chrome installations.

Google Chrome 138 Vulnerability CVE-2025-6554

The vulnerability addressed by this security update, CVE-2025-6554, is a type confusion vulnerability in the V8 JavaScript engine. When successfully exploited, usually by reading or writing memory outside buffer bounds, it could lead to browser crashes or allow attackers to execute arbitrary code.

Google’s advisory confirms that they are aware of an exploit existing in the wild, but as usual, they are not releasing any further details about the nature of any known exploits, to avoid further exploitation.

Update Vulnerable Chrome Installations

This zero-day has been fixed in the new update for Chrome 138: version 138.0.7204.96/.97 for Windows, version 138.0.7204.92/.93 for Mac, or 138.0.7204.92 for Linux. As always, Google is holding off on releasing further details until a majority of users have had a chance to update their installations. That way malicious actors won’t be able to leverage the additional information for further attacks.
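The fixed build differs per platform, so a version that is patched on Mac or Linux can still be vulnerable on Windows. The following is an added example, not part of the original article or of the Lansweeper report: it checks an inventory against the fixed builds listed above. The inventory rows, host names and function names are constructed for illustration, and it assumes any build numerically below the fixed one lacks the fix.

```python
# Added example: flag Chrome installs older than the fixed builds named in this article.
# The inventory rows are constructed sample data, not real scan output.

# Lowest fixed build per platform, taken from the article text.
FIXED_BUILDS = {
    "windows": "138.0.7204.96",
    "mac": "138.0.7204.92",
    "linux": "138.0.7204.92",
}


def parse_version(text):
    """Turn '138.0.7204.96' into (138, 0, 7204, 96); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, version):
    """Return 'patched', 'vulnerable', or 'unknown' for one installation."""
    fixed = FIXED_BUILDS.get(platform.lower())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # unrecognised platform or unparseable version: review by hand
    return "patched" if installed >= parse_version(fixed) else "vulnerable"


def audit(inventory):
    """Return the rows that still need attention, vulnerable hosts first."""
    findings = []
    for host, platform, version in inventory:
        status = classify(platform, version)
        if status != "patched":
            findings.append((host, platform, version, status))
    return sorted(findings, key=lambda row: (row[3] != "vulnerable", row[0]))


# Constructed inventory: (hostname, platform, Chrome version).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "138.0.7204.97"),
    ("ws-002", "Windows", "138.0.7204.92"),   # fixed on Mac/Linux, not on Windows
    ("mac-01", "Mac", "138.0.7204.93"),
    ("lin-01", "Linux", "137.0.7151.119"),
    ("lin-02", "Linux", "138.0.7204.100"),    # numeric compare: 100 > 92
    ("kiosk-7", "ChromeOS", "138.0.7204.92"),
    ("ws-003", "Windows", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("{:8} {:9} {:16} {}".format(*row))
```

Versions are compared as integer tuples rather than strings, so a build such as .100 is correctly treated as newer than .92.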

Discover Vulnerable Chrome Installs

We have added an updated Google Chrome audit report to your Lansweeper installation to help you locate any vulnerable instances of Google Chrome in your network. This report will give you an actionable list of installations that haven’t been updated to the fixed version yet. You can get the report via the link below.
