Chrome Addresses Sandbox Escape Vulnerability Already Exploited in Attacks

Date: 21/07/2025

Google has released fixes for six vulnerabilities in the Chrome browser. One of these vulnerabilities was already being exploited in real attacks to bypass the browser’s sandbox.

The vulnerability CVE-2025-6558 (scoring 8.8 on the CVSS scale), discovered by Google Threat Analysis Group (TAG) specialists Clément Lecigne and Vlad Stolyarov, is associated with inadequate validation of untrusted input in the ANGLE and GPU components of the browser.

“Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome versions prior to 138.0.7204.157 potentially allowed a remote attacker to escape the sandbox through a specially crafted HTML page,” reads the vulnerability description in the NIST NVD.

The open-source ANGLE (Almost Native Graphics Layer Engine) serves as a layer between Chrome’s rendering engine and the graphics drivers of specific devices. It is used to translate OpenGL ES API calls into Direct3D, Metal, Vulkan, and OpenGL.

Since ANGLE processes commands for the GPU from untrusted sources (such as sites using WebGL), issues in this component can seriously impact security. Vulnerabilities in this module can allow attackers to escape the browser sandbox by using low-level GPU operations that are usually isolated.

In fact, the user only needs to visit a malicious site for attackers to gain the ability to escape the browser’s sandbox and interact with the underlying OS.

Google has not disclosed exactly how the vulnerability was used in attacks or who might have been behind them. The company only specified that a working exploit exists for CVE-2025-6558.

However, it is worth noting that Google TAG specializes in protecting the company’s clients from government-backed hackers, targeted attacks, and other advanced threats. As a result, the TAG team often discovers 0-day exploits used by APT groups in targeted attacks or to infect the devices of politicians, dissidents, and journalists with spyware.

Given the severity of CVE-2025-6558 and the fact that it has already been exploited in attacks, Chrome users are advised to update to version 138.0.7204.157 or .158 (depending on the operating system) as soon as possible.

As mentioned above, in addition to CVE-2025-6558, Chrome also addressed five other vulnerabilities, including a serious issue in the V8 engine (CVE-2025-7656), as well as a use-after-free bug in WebRTC (CVE-2025-7657).
