Google Chrome Warning—Update Or Stop Using Browser By July 23

Google has confirmed that Chrome is under attack again, and has issued another emergency update for all users following the mandatory “configuration change” it pushed out last week. Whatever device you’re running, you need to ensure you have downloaded the latest software and then you need to restart your browser.

As I suggested would happen, America’s cyber defence agency has now mandated federal employees update or stop using Chrome within 3 weeks, on or before July 23. The warning also applies to Microsoft Edge and other Chromium-based browsers.

ForbesDo Not Use Your Credit Card Online If You See These 2 Things

CISA warns that Chrome’s V8 Javascript engine “contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page.” That means just visiting the wrong website could put you at risk.

In confirming CVE-2025-6554, Google explained that it would not release any further details at this time, “until a majority of users are updated with a fix.” But the fact it was discovered by Google’s own Threat Analysis Group just five days before the fix was released — with a config change even faster than that — tells you how urgent this is.

The assumption is that this will have been found in highly targeted attacks, the kind that use specialized websites to lure specific victims or links and other social media, email or text messages to deploy its attacks. But the fact this is now public domain and being fixed means the risks are high as attackers deployments before it’s too late.

This is the fourth actively exploited zero-day this year, and it highlights how important it is to keep all browsers updated at all times. While CISA’s mandate only applies to federal agency staff, its remit extends to all organizations to help them “better manage vulnerabilities and keep pace with threat activity.”

ForbesChange Your Browser Settings Now—‘Massive Security Risk’

You will see a flag within Chrome telling you an update has been downloaded and you need to restart. All your tabs should reopen, albeit your Incognito private browsing tabs will not. So make sure there’s nothing unsaved in any of those.

Following Google’s warning that it’s “aware that an exploit for CVE-2025-6554 exists in the wild,” we can expect more detail on the vulnerability over the coming weeks.

Continue Reading