#chrome

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution.

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.

Separate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users.

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.55 6/26/2025 138.0.7204.49/.50

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.55 6/26/2025 138.0.7204.49/.50

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.55 6/26/2025 138.0.7204.49/.50

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.