Grafana has released security patches for four high-severity vulnerabilities in the Chromium library to prevent remote code execution and memory access issues. These vulnerabilities, including CVE-2025-6554, affect Grafana Image Renderer and Synthetic Monitoring Agent, with some exploits already observed in the wild.
Key points
- Grafana released security updates addressing four critical vulnerabilities in Chromium-based components.
- The most serious flaw, CVE-2025-6554, involves a type confusion in Chrome's V8 engine exploited in the wild.
- Other addressed issues include remote code execution, integer overflow, and use-after-free vulnerabilities.
- Affected products include Grafana Image Renderer versions prior to 3.12.9 and Synthetic Monitoring Agent before 0.38.3.
- Users are advised to update their systems promptly to mitigate potential remote exploitation risks.
Read More: https://www.securityweek.com/grafana-patches-chromium-bugs-including-zero-day-exploited-in-the-wild/