Rule Document 1:66662

Rule Category

BROWSER-CHROME -- Snort has detected suspicious traffic known to exploit vulnerabilities present in the Chrome browser. These rules are separate from the "browser-webkit" category; while it uses the Webkit rendering engine, there's a lot of other features to create a secondary Chrome category.

Alert Message

BROWSER-CHROME Google Chrome V8 type confusion attempt

Rule Explanation

This rule looks for server responses containing malicious javascript that leverages a type confusion to achieve arbitrary read/write of Chromium-based browser memory space.

What To Look For

This rule alerts on attempts to exploit an information leak vulnerability in Chromium browsers.

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

Rule Categories::Browser::Chrome

MITRE::ATT&CK Framework::Enterprise::Reconnaissance::Gather Victim Host Information

Adversaries may gather information about the victim's hosts that can be used during targeting. Information about hosts may include a variety of details, including administrative data (ex: name, assigned IP, functionality, etc.) as well as specifics regarding its configuration (ex: operating system, language, etc.).

Vulnerability::Severity::Critical

Vulnerability::Severity::High

CVE

CVE-2025-6554

Additional Links

chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html

Rule Vulnerability

Information Leak

Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

CVE-2025-6554

Loading description