8.1 CVE-2025-6554

CISA KEV Catalog Exploit

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
https://nvd.nist.gov/vuln/detail/CVE-2025-6554

Categories

CWE-843 : Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Observed examples listed for this CWE (general illustrations of the weakness class, not descriptions of CVE-2025-6554):
Type confusion in CSS sequence leads to out-of-bounds read.
Size inconsistency allows code execution, first discovered when it was actively exploited in-the-wild.
Improperly-parsed file containing records of different types leads to code execution when a memory location is interpreted as a different object than intended.

CPE

cpe start end
Configuration 1
AND
   cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* < 138.0.7204.96
  Running on/with
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 2
AND
   cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* < 138.0.7204.92
  Running on/with
  cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
https://github.com/windz3r0day/CVE-2025-6554

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry