CVE-2025-6554

HIGH KEV

Google Chrome <138.0.7204.96 - RCE

Title source: llm

Description

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Exploits (12)

github WORKING POC 41 stars
by mistymntncop · javascriptclient-side
https://github.com/mistymntncop/CVE-2025-6554
nomisec WORKING POC 30 stars
by aklnjakln · client-side
https://github.com/aklnjakln/CVE-2025-6554
nomisec WRITEUP 11 stars
by Muhammednihalmp · poc
https://github.com/Muhammednihalmp/Google-chrome-zero-day
github WORKING POC 4 stars
by jopraveen · javascriptclient-side
https://github.com/jopraveen/CVE-2025-6554
nomisec WORKING POC 2 stars
by PwnToday · client-side
https://github.com/PwnToday/CVE-2025-6554
nomisec STUB 2 stars
by gmh5225 · client-side
https://github.com/gmh5225/CVE-2025-6554-2
nomisec WORKING POC 1 stars
by juccoblak · client-side
https://github.com/juccoblak/CVE-2025-6554
nomisec WORKING POC 1 stars
by ghostn4444 · infoleak
https://github.com/ghostn4444/POC-CVE-2025-6554
nomisec WORKING POC
by LordBheem · poc
https://github.com/LordBheem/CVE-2025-6554
nomisec WORKING POC
by gmh5225 · client-side
https://github.com/gmh5225/CVE-2025-6554

References (3)

Scores

CVSS v3 8.1
EPSS 0.0094
EPSS Percentile 76.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CISA KEV 2025-07-02
VulnCheck KEV 2025-06-30
ENISA EUVD EUVD-2025-19675
CWE
CWE-843
Status published
Products (1)
google/chrome < 138.0.7204.96
Published Jun 30, 2025
KEV Added Jul 02, 2025
Tracked Since Feb 18, 2026