MS-ISAC consultancy number:
2025-061
Published date (s):
02/07/2025
PREVIEW:
Vulnerability has been discovered in Google Chrome which could allow arbitrary execution of code. The successful exploitation of vulnerability could allow an execution of arbitrary code in the context of the connected user. According to the privileges associated with the user, an attacker could then install programs; Show, modify or delete data; Or create new accounts with complete user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.
Threat intelligence:
Cisa added CVE-2025-6554 to its known vulnerability catalog (KEV) known, on the basis of active operating evidence.
Affected systems:
- Chrome prior to 138.0.7204.96/.97 for Windows
- Chrome prior to 138.0.7204.92/.93 for Mac
- Chrome prior to 138.0.7204.92 for Linux
Large and medium government entities
Small government
Large and medium business entities
Small business entities
