
Lessons from Google Chrome's Fourth Zero-Day Exploit of 2025

Posted on 9 July 2025

What happened? 

On 1 July 2025, Google released emergency security updates for Chrome to fix a critical security flaw that criminals were already exploiting. The vulnerability, designated CVE-2025-6554, affects Chrome's core engine that processes websites and allows attackers to take control of computers by tricking users into visiting malicious web pages.1 

Google's specialist security team discovered the flaw on 25 June and confirmed that cybercriminals were actively using it in targeted attacks against high-value individuals and organisations. The company immediately pushed out emergency fixes on 26 June, followed by full updates for Chrome versions across Windows, Mac, and Linux systems.

Affected versions and required updates: 

| Platform | Vulnerable Versions | Secure Versions |
|----------|---------------------|-----------------|
| Windows | All versions prior to 138.0.7204.96 | 138.0.7204.96 or 138.0.7204.97 |
| macOS | All versions prior to 138.0.7204.92 | 138.0.7204.92 or 138.0.7204.93 |
| Linux | All versions prior to 138.0.7204.96 | 138.0.7204.96 |


This represents the fourth time in 2025 that Google has had to urgently patch Chrome security flaws that were being exploited by attackers, following similar incidents in January, May and June. The discovery was made by Google's Threat Analysis Group (TAG), which focuses on detecting attacks by government-backed hackers, suggesting that sophisticated criminals or foreign intelligence services are behind these coordinated operations.

The security flaw also affects other popular browsers built on Chrome's technology, including Microsoft Edge, Brave, Opera, and Vivaldi, requiring coordinated security responses across the entire browser ecosystem. 

So what? 

Security flaws in browser engines represent critical attack points as they allow criminals to bypass normal security protections through seemingly legitimate websites. The escalating pattern of four exploited vulnerabilities in seven months demonstrates that threat actors are becoming increasingly sophisticated at weaponising browser weaknesses. 

The involvement of Google's government-threat specialists indicates that nation-state hackers are systematically targeting browser infrastructure for espionage operations. These attacks specifically focus on high-value individuals and organisations, suggesting coordinated intelligence gathering campaigns rather than random cybercrime. 

Organisations should implement automatic software updates with monitoring systems to ensure critical patches are deployed within hours of release. The compressed timeline between vulnerability discovery and active exploitation means traditional monthly update schedules provide insufficient protection against professional threat actors. 

Companies should deploy security systems that can detect suspicious website behaviour and consider browser isolation technology that runs web content in secure, separate environments. IT teams must coordinate updates across all Chrome-based browsers to prevent attackers from simply switching between different browser variants. 
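The check below is an added example, not part of the original article: it compares a browser inventory against the fixed Chrome builds listed in the table above and marks anything it cannot verify, such as other Chromium-based browsers whose fixed versions the article does not give. The inventory records, host names and field names are constructed assumptions.

```python
import re

# Minimum fixed Chrome builds per platform, copied from the article's table.
FIXED_CHROME = {
    "windows": (138, 0, 7204, 96),
    "macos": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

def parse_version(text):
    """Turn '138.0.7204.96' into (138, 0, 7204, 96); None if malformed."""
    if not re.fullmatch(r"\d+(\.\d+){3}", text.strip(), re.ASCII):
        return None
    return tuple(int(p) for p in text.strip().split("."))

def assess(record):
    """Classify one inventory record as patched, vulnerable or unverified."""
    browser = record["browser"].strip().lower()
    platform = record["platform"].strip().lower()
    version = parse_version(record["version"])
    # The table covers Chrome only; other Chromium-based browsers use their
    # own version numbers, so they are routed to a manual vendor check.
    if browser != "chrome" or version is None or platform not in FIXED_CHROME:
        return "unverified"
    # Tuple comparison is numeric per component, unlike string comparison
    # where "138.0.7204.100" would sort below "138.0.7204.96".
    return "patched" if version >= FIXED_CHROME[platform] else "vulnerable"

def report(inventory):
    """Return hosts grouped by status, for alerting on anything not patched."""
    result = {"patched": [], "vulnerable": [], "unverified": []}
    for record in inventory:
        result[assess(record)].append(record["host"])
    return result

# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE = [
    {"host": "ws-01", "platform": "Windows", "browser": "Chrome", "version": "138.0.7204.97"},
    {"host": "ws-02", "platform": "Windows", "browser": "Chrome", "version": "138.0.7204.49"},
    {"host": "mac-01", "platform": "macOS", "browser": "Chrome", "version": "138.0.7204.92"},
    {"host": "lin-01", "platform": "Linux", "browser": "Chrome", "version": "138.0.7204.100"},
    {"host": "ws-03", "platform": "Windows", "browser": "Edge", "version": "138.0.0.0"},
    {"host": "lin-02", "platform": "Linux", "browser": "Chrome", "version": "unknown"},
]

if __name__ == "__main__":
    for status, hosts in report(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unverified need the same follow-up as vulnerable ones until their build is confirmed against the relevant vendor's advisory.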

This incident reinforces that browser security has become a critical component of national infrastructure protection, requiring layered security strategies that assume systems will be compromised and focus on rapid detection and containment of threats.  
