Google has released fixes for six vulnerabilities in the Chrome browser. One of these vulnerabilities was already being exploited in real attacks to bypass the browser’s sandbox.
The vulnerability CVE-2025-6558 (scoring 8.8 on the CVSS scale), discovered by Google Threat Analysis Group (TAG) specialists Clément Lecigne and Vlad Stolyarov, is associated with inadequate validation of untrusted input in the ANGLE and GPU components of the browser.
“Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome versions prior to 138.0.7204.157 potentially allowed a remote attacker to escape the sandbox through a specially crafted HTML page,” reads the vulnerability description in the NIST NVD.
The open-source ANGLE (Almost Native Graphics Layer Engine) serves as a layer between Chrome’s rendering engine and the graphics drivers of specific devices. It is used to translate OpenGL ES API calls into Direct3D, Metal, Vulkan, and OpenGL.
Since ANGLE processes commands for the GPU from untrusted sources (such as sites using WebGL), issues in this component can seriously impact security. Vulnerabilities in this module can allow attackers to escape the browser sandbox by using low-level GPU operations that are usually isolated.
In fact, the user only needs to visit a malicious site for attackers to gain the ability to escape the browser’s sandbox and interact with the underlying OS.
Google has not disclosed exactly how the vulnerability was used in attacks or who might have been behind them. The company only specified that a working exploit exists for CVE-2025-6558.
However, it is worth noting that Google TAG specializes in protecting the company’s clients from the activities of “government” hackers, targeted attacks, and other advanced threats. Due to this, the TAG team often discovers 0-day exploits used by APT for targeted attacks or for infecting the devices of politicians, dissidents, and journalists with spyware.
Given the severity of CVE-2025-6558 and the fact that it has already been exploited in attacks, Chrome users are advised to update to version 138.0.7204.157 or .158 (depending on the operating system) as soon as possible.
As mentioned above, in addition to CVE-2025-6558, Chrome also addressed five other vulnerabilities, including a serious issue in the V8 engine (CVE-2025-7656), as well as a use-after-free bug in WebRTC (CVE-2025-7657).
2025.01.26 — Cisco patched a critical vulnerability in Meeting Management
Cisco released updates to fix a critical (CVSS score: 9.9) vulnerability in Meeting Management. The bug enables an unprivileged remote authenticated attacker to gain administrative privileges. The vulnerability…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →
2025.02.01 — Critical RCE vulnerability fixed in Cacti
A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.03.12 — Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies
GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024. CVE-2024-457…
Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →
2025.02.17 — Dutch police seize 127 servers belonging to Zservers hosting provider
Following the introduction of international sanctions against Zservers, Russian 'bulletproof' hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.…
Full article →