Update your browser NOW: Google Chrome is hit by a serious security flaw – and hackers have already exploited it
But Google Chrome users have now been warned to update their browser immediately to avoid being targeted by hackers.
In a security bulletin, Google says it has now patched a high-severity issue which allowed criminals to infiltrate target computers.
And the tech giant says that criminals, even possibly nation states, have already exploited it.
The issue was found in a system called Chrome V8, which allows the browser to run code found on websites efficiently.
However, the flaw allowed hackers to create malicious webpages which could steal visitors' data, passwords, or even deploy viruses and ransomware.
Google says it has now fixed the vulnerability, but you will need to ensure your browser is updated to the latest version to be protected.
Jake Moore, global cybersecurity advisor at ESET, told MailOnline: 'Updating your devices and apps is vital and browsers are no different and just as essential to fix security holes like this one.'
This bug allowed hackers to execute so-called 'read/write' operations, allowing them direct access to information on the browser.
Mr Moore says: 'Criminal hackers could have been able to take advantage of this vulnerability to read anything stored in the browser's memory, which, worryingly, could include sensitive information like passwords.
'If a threat actor were to get into an account with such credentials, they could then target other people in the victim's contacts with relative ease.'
Google's security bulletin gave the vulnerability, dubbed CVE-2025-6554, a severity score of 8.1 out of 10 - ranking it as a 'high' threat issue.
The flaw is particularly attractive to criminals because it is a 'zero day' exploit, meaning that the flaw wasn't even known to Chrome's developers.
These are risky because criminals can often start using zero-day exploits to launch attacks before a security patch is prepared.
In this case, Google has confirmed that hackers have already been exploiting the vulnerability to launch attacks.
The bulletin says: 'Google is aware that an exploit for CVE-2025-6554 exists in the wild.
Google says it won't be releasing any more information until 'a majority of users are updated with a fix.'
However, based on the team that spotted the issue, the attacks may have been made by very powerful groups.
The vulnerability was spotted by Clément Lecigne of Google's Threat Analysis Group (TAG).
This cybersecurity organisation is usually responsible for tracking threats posed by nation-states and so-called advanced persistent threats (APTs).
Given that the flaw has already been exploited, it seems likely that it may have been used by nation states in highly targeted attacks.
Previous flaws in Chrome V8 have been used in the past to hack journalists, political dissidents, IT admins and other key targets for interference.
Mr Moore says: 'A flaw this serious could be used by anyone with the determination and the right knowledge to take advantage of it, which could easily include nation state actors.
'Such groups often look for extremely powerful vulnerabilities to spy on highly targeted people, such as government employees, like with the infamous Pegasus spyware.'
Google has already patched the issue, so ensure that you are updated to the latest software version to get protected
Google Chrome is usually updated automatically, installing all the latest security patches.
However, if you want to ensure you are protected, you can also manually check your software version and update the browser.
First, open the browser and select the drop-down menu in the top-right-hand corner.
From there, click on Help, and select 'About Google Chrome'.
This will show your current software version, which should be updated to 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, and 138.0.7204.96 for Linux.
If you are not on the latest version of the software, select 'Relaunch' to restart Chrome and install the update.
If the 'Relaunch' button is not visible, this means you are already on the most up-to-date version.
Google has been contacted for comment.
HOW TO CHECK IF YOUR EMAIL ADDRESS IS COMPROMISED
Have I Been Pwned?
Cybersecurity expert and Microsoft regional director Tory Hunt runs 'Have I Been Pwned'.
The website lets you check whether your email has been compromised as part of any of the data breaches that have happened.
If your email address pops up you should change your password.
Pwned Passwords
To check if your password may have been exposed in a previous data breach, go to the site's homepage and enter your email address.
The search tool will check it against the details of historical data breaches that made this information publicly visible.
If your password does pop up, you're likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes.
Mr Hunt built the site to help people check whether or not the password they'd like to use was on a list of known breached passwords.
The site does not store your password next to any personally identifiable data and every password is encrypted
Other Safety Tips
Hunt provides three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use.
Next, enable two-factor authentication. Lastly, keep abreast of any breaches
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Reuters
29 minutes ago
- Reuters
Core Scientific's shareholders balk at terms of CoreWeave merger offer, FT reports
Aug 5 (Reuters) - CoreWeave's (CRWV.O), opens new tab proposed $9 billion acquisition of data centre landlord Core Scientific (CORZ.O), opens new tab is facing potential revolt, as some top shareholders of the target firm argue the deal may leave them short-changed, the Financial Times reported. Some major Core Scientific shareholders plan to vote against the deal unless the terms are revised in the coming weeks, the report said on Tuesday, citing people familiar with the matter. Reuters could not immediately verify the report. CoreWeave and Core Scientific did not immediately respond to Reuters request for a comment outside regular business hours. The shareholder vote for Core Scientific has not yet been scheduled but is expected to take place sometime this autumn, the report said. The all-stock deal, valued at about $9 billion and announced last month, highlights the race among AI infrastructure firms to secure the energy and data center capacity required to meet surging demand. CoreWeave, which provides access to data centers and Nvidia-powered AI chips, initially submitted an unsolicited, non-binding takeover offer to Core Scientific in June 2024. However, the company rejected the offer, citing that its business was significantly undervalued.
The Independent
2 hours ago
- The Independent
Trump's NASA chief Sean Duffy expedites timeline for nuclear reactor on the moon
President Donald Trump's NASA chief Sean Duffy has expedited the timeline to build a nuclear reactor on the moon, according to a directive obtained by The Independent . The space agency has already mentioned the benefits of developing fission surface power (FSP) on the moon and Mars. 'Relatively small and lightweight, fission systems are powerful and could enable robust operations on the Moon and Mars,' NASA writes on its website. The agency says it's currently working with the Energy Department and the space industry to design a fission power system that would provide at least 40 kilowatts of power. In a directive sent to the heads of NASA on July 31, Duffy, the acting administrator of the agency and Trump's transportation secretary, ordered that the nuclear reactor provide at least 100 kilowatts of power and be ready to launch by 2030. NASA chief Sean Duffy has expedited the timeline to build a nuclear reactor on the moon, according to a new directive () The directive, first reported on by Politico, mentioned China and Russia's joint effort to place a reactor on the moon by the mid-2030s. The two U.S. adversaries first announced their plans in March 2024. 'The first country to do so could potentially declare a keep-out zone which would significantly inhibit the United States from establishing a planned Artemis presence if not there first,' Duffy warned in the directive. NASA's Artemis campaign aims to establish the first long-term presence on the moon. During Trump's inaugural address, he said the U.S. would launch astronauts 'to plant the stars and stripes on the planet Mars.' 'It is about winning the second space race,' a NASA senior official told Politico. An artist's concept of a fission power system on the moon (NASA) In Duffy's new timeline, a Fission Surface Power Program Executive will be designated within 30 days of the directive. The executive 'is empowered to provide reporting and updates with maximum transparency directly to the Administrator,' Duffy wrote. Within 60 days, NASA will ask for industry proposals for the nuclear reactor, according to the directive. The directive mentioned Trump's budget request for the 2026 fiscal year, which includes $350 million for a new program 'that will accelerate the development of high priority technologies for Mars, (i.e. FSP).' The funding would increase up to $500 million starting in the 2027 fiscal year. Trump's budget request also proposes a huge cut to NASA, with The Planetary Society, a global non-profit space organization, reporting it's the smallest budget proposed for the agency since 1961.
Finextra
4 hours ago
- Finextra
After Stablecoins, Tokenized Assets Will Be The Next Major Institutional Play in Blockchain: By Darren Carvalho
Recent institutional interest in stablecoins has been something of a watershed moment for the crypto industry. Not only has the mainstream adoption of stablecoins signalled a renewed interest in and a broader acceptance of blockchain, but it is the first sign of the convergence of decentralised finance (DeFi) and traditional finance (TradFi). Major institutions such as JPMorgan, Goldman Sachs, and BlackRock have begun integrating stablecoins into their operations. These TradFi heavyweights are utilising stablecoins for transactions, settlements, and as intermediaries bridging TradFi with DeFi. No other blockchain innovation has been adopted by traditional finance players to this extent, underscoring stablecoins' legitimacy as a bona fide financial instrument. So what comes next? Which new blockchain creation will capture the attention of TradFi or do stablecoins represent the pinnacle of blockchain's integration into the mainstream? It would appear that we already have a clear answer to this question: Tokenization. SEC Roundtable assesses Tokenization Like stablecoins, tokenization enables new market functions that are unfeasible in the traditional financial system. Tokenization, in the simplest terms, is the process of digitally representing real-world assets, including stocks, bonds, and real estate, on the blockchain in the form of a token, and its applications have already begun to pique the interests of private and public institutions. This was no more evident than during the US Securities and Exchange Commission's (SEC) public roundtable in May. The event brought together industry leaders, regulatory experts, and academics to discuss the potential of moving traditional assets onto blockchain-based platforms. Executives from BlackRock, Apollo, Fidelity, Invesco, to name just a few, emphasised that tokenization is a significant technological advancement, enabling programmable ownership and providing real-time settlements. Such potential benefits make tokenization particularly attractive for institutions seeking improved market dynamics. Tokenization is a technological shift An interesting theme raised at the SEC roundtable is that tokenization should be seen through the lens of a shift as opposed to the creation of entirely new asset classes. Conversations highlighted how tokenization could address various inefficiencies within traditional markets, including costly intermediaries and limited market access - not dissimilar to how stablecoins have overhauled and simplified traditional methods of processing cross-border payments, facilitating greater financial inclusion. Additionally, panelists emphasised the transformative potential of tokenization in automating compliance processes through smart contracts. They also noted that tokenization was a greater enabler of fractional investments, reducing the minimum purchase price of historically exclusive asset classes, bringing access to a broader range of investors, and therefore increasing liquidity in these tokenized assets. It is clear that tokenization's promise lies in its radical transformation of existing financial infrastructures. By leveraging blockchain's inherent transparency and immutability, tokenization can enhance investor trust and regulatory oversight while reducing systemic inefficiencies, fundamentally reshaping how assets are traded, settled, and owned in traditional markets. Challenges facing tokenization Participants at the SEC roundtable agreed that tokenization offers clear advantages to current market dynamics, but not without drawbacks that must be urgently addressed to enable the kind of institutional adoption seen with stablecoins. Issues such as custody arrangements and the need for regulatory clarity emerged as critical factors. Fortunately, we're beginning to see Web3 companies that have built tokenization platforms actively address many of the concerns raised by SEC panellists. Standard compliance checks such as Know Your Customer (KYC) and other Anti-Money Laundering safeguards are becoming increasingly standardised across the tokenization ecosystem, reinforcing trust among both retail and institutional investors. Some tokenization organisations have gone a step further in regulatory compliance by securing full Virtual Asset Service Provider (VASP) licenses from central banks in their regions of operation. These legal advancements are helping to create compliant secondary markets for tokenized real-world assets (RWAs), allowing investors to buy, sell and trade property-backed tokens within a safely regulated framework. Of course, there are still areas that need development if tokenization is to reach the scale of institutional adoption seen with stablecoins. While stablecoins have benefited from growing regulatory attention and standardised frameworks, many jurisdictions still lack clear guidelines on how tokenized securities or property-backed tokens are classified, taxed or traded. Interoperability also remains a challenge, with a need for more tokenization protocols and platforms that can integrate across chains and legacy systems, much like how stablecoins operate across exchanges, wallets and DeFi protocols. After stablecoins, tokenisation can be the next blockchain hit From reading coverage of the SEC Roundtable, it's clear that institutions recognise the immense potential of tokenization to reshape traditional asset markets - provided regulatory frameworks and technological standards evolve in tandem. Tokenization platforms are already scaling to meet some of these requirements. While certain growing pains still need to be addressed, tokenization is well on its way to becoming the next major institutional opportunity in blockchain technology, with the capacity to redefine the future of financial markets, much like stablecoins have begun to do.
