National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team envisages increasing electronic security by strengthening the cyberspace protection of the National Critical Information Infrastructures, the banks and the communication providers of the Republic of Cyprus.

Google Chrome: Access of Resource Using Incompatible Type ('Type Confusion')

12 July 2025

The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting Google Chrome. 

 

Technical Details

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

When the product accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access.

 

Recommendations

The Digital Security Authority recommends upgrading Google Chrome to the versions listed below:

The Stable channel has been updated to 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac and 138.0.7204.96 for Linux which will roll out over the coming days/weeks.
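
One way to check a software inventory against these builds, as an added example that is not part of the original advisory. The thresholds are the builds listed above, taking the lower build of each pair as the minimum fixed build (an assumption); the inventory rows and function names are constructed for illustration.

```python
import re

# Minimum fixed build per platform, taken from the advisory text above.
# Assumption: the lower build of each pair (.96/.97, .92/.93) is the minimum.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

def parse_version(text):
    """Return (major, minor, build, patch) as ints, or None if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip(), re.ASCII)
    return tuple(int(g) for g in m.groups()) if m else None

def assess(platform, version_text):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuple comparison is numeric per component, so .100 sorts after .96
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "vulnerable"

def triage(inventory):
    """Map hostname -> status for rows of (host, platform, version)."""
    return {host: assess(platform, version) for host, platform, version in inventory}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "138.0.7204.97"),
    ("ws-02", "Windows", "138.0.7204.49"),
    ("ws-03", "Windows", "138.0.7204.100"),
    ("mac-01", "Mac", "138.0.7204.92"),
    ("lnx-01", "Linux", "138.0.7204.92"),  # fixed on Mac, not on Linux
    ("lnx-02", "Linux", "139.0.0.0"),
    ("kiosk-01", "Windows", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since a missing or malformed version string is not evidence that the browser is patched.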

 


The information presented in this report is based on available data up to the 01st of July 2025. 
