Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Avatar
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components. “Insufficient validation of untrusted input in ANGLE and

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild.

The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components.

“Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page,” according to the description of the flaw from the NIST’s National Vulnerability Database (NVD).

ANGLE, short for “Almost Native Graphics Layer Engine,” acts as a translation layer between Chrome’s rendering engine and device-specific graphics drivers. Vulnerabilities in the module can let attackers escape Chrome’s sandbox by abusing low-level GPU operations that browsers usually keep isolated, making this a rare but powerful path to deeper system access.

For most users, a sandbox escape like this means that visiting a malicious site is sufficient to potentially break out of the browser’s security bubble and interact with the underlying system. This is especially critical in targeted attacks where just opening a webpage could trigger a silent compromise without requiring any download or click.

Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) have been credited with discovering and reporting the zero-day vulnerability on June 23, 2025.

The exact nature of the attacks weaponizing the flaw has not been disclosed, but Google acknowledged that an “exploit for CVE-2025-6558 exists in the wild.” That said, the discovery by TAG alludes to the possibility of nation-state involvement.

The development comes about two weeks after Google addressed another actively exploited Chrome zero-day (CVE-2025-6554, CVSS score: 8.1), which was also reported by Lecigne on June 25, 2025.

Google has resolved a total of five zero-day vulnerabilities in Chrome that have been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year. This includes: CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, and CVE-2025-6554.

To safeguard against potential threats, it’s advised to update their Chrome browser to versions 138.0.7204.157/.158 for Windows and Apple macOS, and 138.0.7204.157 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome, and select Relaunch.

Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Issues like this often fall under broader categories like GPU sandbox escapes, shader-related bugs, or WebGL vulnerabilities. While not always headline-grabbing, they tend to resurface in chained exploits or targeted attacks. If you follow Chrome security updates, it’s worth keeping an eye out for graphics driver flaws, privilege boundary bypasses, and memory corruption in rendering paths, as they often point to the next round of patch-worthy bugs.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Previous Post

Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Next Post

AI Agents Act Like Employees With Root Access—Here’s How to Regain Control

Related Posts

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a hacking crew it tracks as UNC6148. The number of known
Avatar
Read More

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host
Avatar
Read More

From the “Department of No” to a “Culture of Yes”: A Healthcare CISO’s Journey to Enabling Modern Care

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has
Avatar
Read More