Chrome Update Patches Fifth Zero-Day of 2025

Chrome Update Patches Fifth Zero-Day of 2025

Posted on By CWS

Google on Tuesday introduced a recent set of Chrome safety updates that resolve six vulnerabilities, together with one exploited within the wild.

The zero-day bug, tracked as CVE-2025-6558, is described as an incorrect validation of untrusted enter within the browser’s ANGLE and GPU parts.

ANGLE, quick for Virtually Native Graphics Layer Engine, is an open supply, cross-platform graphics engine used because the default WebGL backend in each Chrome and Firefox on Home windows. Chrome primarily makes use of the GPU element to render graphics and video content material on webpages.

Based on a NIST advisory, profitable exploitation of the flaw may permit distant attackers to flee the browser’s sandbox by way of crafted HTML pages.

“Google is conscious that an exploit for CVE-2025-6558 exists within the wild,” Google notes in its advisory.

That is the fifth zero-day patched by Google within the Chrome browser so far this 12 months.

As ordinary, the web big avoided sharing particulars on the noticed assaults, however famous that the safety defect was reported by Clément Lecigne and Vlad Stolyarov of Google’s Risk Evaluation Group.

TAG researchers are recognized for uncovering vulnerabilities exploited by business spyware and adware distributors, together with some within the Chrome browser, and this might be the case for the newly disclosed CVE as properly.Commercial. Scroll to proceed studying.

The recent Chrome replace addresses two different bugs reported by exterior researchers, specifically CVE-2025-7656, an integer overflow problem within the V8 JavaScript engine, and CVE-2025-7657, a use-after-free flaw in WebRTC.

Google says it paid a $7,000 reward for the V8 defect, however has but to reveal the quantity handed out for the WebRTC problem. Per the corporate’s guidelines, no bug bounty might be awarded for the internally found zero-day.

The newest Chrome iteration is now rolling out as variations 138.0.7204.157/.158 for Home windows and macOS, and as model 138.0.7204.157 for Linux. Customers are suggested to replace their browsers as quickly as potential.

Associated: Chrome 138 Replace Patches Zero-Day Vulnerability

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , ,

Related Posts

China’s Cyber Silence is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says China’s Cyber Silence is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says Security Week News
Nike Probing Potential Security Incident as Hackers Threaten to Leak Data Nike Probing Potential Security Incident as Hackers Threaten to Leak Data Security Week News
Salesloft GitHub Account Compromised Months Before Salesforce Attack Salesloft GitHub Account Compromised Months Before Salesforce Attack Security Week News
Hackers Target Swedish Power Grid Operator Hackers Target Swedish Power Grid Operator Security Week News
Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm Security Week News
The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn Security Week News