Google's TAG team discovered and patched a high-severity bug in Chrome's V8 engine, identified as CVE-2025-6554, that allowed threat actors to execute arbitrary code on endpoints.
The bug was actively exploited in the wild, posing risks of data theft, token exfiltration, and malware deployment.
Google released patches for Windows, macOS, and Linux versions on June 26, urging users to update to safeguard their systems.
The exploit was discovered by Google's Threat Analysis Group (TAG), indicating potential abuse by nation-state threat actors in targeted attacks.