Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558)

Source: Help Net Security

Author: Zeljka Zorz

URL: https://www.helpnetsecurity.com/2025/07/16/update-google-chrome-to-fix-actively-exploited-zero-day-cve-2025-6558/

ONE SENTENCE SUMMARY:

Google patched a critical Chrome zero-day vulnerability, CVE-2025-6558, actively exploited to escape the browser’s security sandbox.

MAIN POINTS:

  1. CVE-2025-6558 is a high-severity vulnerability in Chrome’s ANGLE and GPU components.
  2. Incorrect input validation enables attackers to escape Chrome’s sandbox.
  3. The flaw was reported by Google Threat Analysis Group researchers.
  4. Attack requires users to visit a specially crafted HTML page.
  5. Active exploitation suggests involvement of state-sponsored or mercenary actors.
  6. Also patched: CVE-2025-7656 (V8 engine) and CVE-2025-7657 (WebRTC).
  7. Affects Chrome for Windows, macOS, and Linux prior to v138.0.7204.157/.158.
  8. Users are advised to update Chrome to the latest version promptly.
  9. Other Chromium-based browsers are expected to receive similar updates.
  10. Microsoft is preparing a similar fix for the Edge browser.
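
To act on point 7, the following added example (not from the original article) triages a browser inventory against the fixed build. The inventory rows, host names and status labels are constructed, and using the lower build (.157) as the floor for every platform is an assumption, since the page does not say which build applies to which OS.

```python
import re

# Fixed build named on the page ("v138.0.7204.157/.158"); the lower build is
# used as the minimum for all platforms (assumption, see lead-in).
FIXED_CHROME = (138, 0, 7204, 157)

# Constructed sample inventory: (host, browser, reported version string).
INVENTORY = [
    ("ws-001", "Google Chrome", "138.0.7204.157"),
    ("ws-002", "Google Chrome", "138.0.7204.99"),
    ("mac-007", "Google Chrome", "138.0.7204.158"),
    ("lin-014", "Google Chrome", "137.0.7151.120"),
    ("ws-020", "Microsoft Edge", "138.0.1000.1"),
    ("ws-031", "Google Chrome", "138.0.7204"),
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return a 4-part version as a tuple of ints, or None if malformed."""
    m = VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def classify(browser, version_text):
    """Classify one inventory row against the fixed Chrome build."""
    # Other Chromium-based browsers use their own build numbers, and the page
    # gives no fixed versions for them, so they cannot be judged here.
    if browser != "Google Chrome":
        return "check-vendor-advisory"
    version = parse_version(version_text)
    if version is None:
        return "unparseable"  # truncated or odd strings need manual review
    # Compare numerically: as strings, "99" would sort after "157".
    return "vulnerable" if version < FIXED_CHROME else "patched"


def triage(inventory):
    """Map each host to its status."""
    return {host: classify(browser, ver) for host, browser, ver in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:8} {status}")
```
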

TAKEAWAYS:

  1. Update Chrome to prevent exploitation of CVE-2025-6558.
  2. The vulnerability underscores the importance of regular software updates.
  3. Stay informed about security alerts for proactive protection.
  4. Other browsers like Edge, Brave, Opera, and Vivaldi are implementing fixes.
  5. Vigilance against specially crafted web content is crucial for security.