Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Posted on July 16, 2025July 16, 2025 By CWS

Jul 16, 2025Ravie LakshmananBrowser Safety / Zero-Day
Google on Tuesday rolled out fixes for six safety points in its Chrome net browser, together with one which it stated has been exploited within the wild.
The high-severity vulnerability in query is CVE-2025-6558 (CVSS rating: 8.8), which has been described as an incorrect validation of untrusted enter within the browser’s ANGLE and GPU parts.
“Inadequate validation of untrusted enter in ANGLE and GPU in Google Chrome previous to 138.0.7204.157 allowed a distant attacker to probably carry out a sandbox escape by way of a crafted HTML web page,” based on the outline of the flaw from the NIST’s Nationwide Vulnerability Database (NVD).
ANGLE, brief for “Nearly Native Graphics Layer Engine,” acts as a translation layer between Chrome’s rendering engine and device-specific graphics drivers. Vulnerabilities within the module can let attackers escape Chrome’s sandbox by abusing low-level GPU operations that browsers normally maintain remoted, making this a uncommon however highly effective path to deeper system entry.

For many customers, a sandbox escape like because of this visiting a malicious website is enough to probably escape of the browser’s safety bubble and work together with the underlying system. That is particularly essential in focused assaults the place simply opening a webpage may set off a silent compromise with out requiring any obtain or click on.
Clément Lecigne and Vlad Stolyarov of Google’s Risk Evaluation Group (TAG) have been credited with discovering and reporting the zero-day vulnerability on June 23, 2025.
The precise nature of the assaults weaponizing the flaw has not been disclosed, however Google acknowledged that an “exploit for CVE-2025-6558 exists within the wild.” That stated, the invention by TAG alludes to the opportunity of nation-state involvement.

The event comes about two weeks after Google addressed one other actively exploited Chrome zero-day (CVE-2025-6554, CVSS rating: 8.1), which was additionally reported by Lecigne on June 25, 2025.
Google has resolved a complete of 5 zero-day vulnerabilities in Chrome which were both actively exploited or demonstrated as a proof-of-concept (PoC) because the begin of the yr. This contains: CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, and CVE-2025-6554.

To safeguard towards potential threats, it is suggested to replace their Chrome browser to variations 138.0.7204.157/.158 for Home windows and Apple macOS, and 138.0.7204.157 for Linux. To verify the most recent updates are put in, customers can navigate to Extra > Assist > About Google Chrome, and choose Relaunch.

Customers of different Chromium-based browsers resembling Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and after they turn out to be obtainable.Points like this usually fall below broader classes like GPU sandbox escapes, shader-related bugs, or WebGL vulnerabilities. Whereas not at all times headline-grabbing, they have a tendency to resurface in chained exploits or focused assaults. When you comply with Chrome safety updates, it is price preserving a watch out for graphics driver flaws, privilege boundary bypasses, and reminiscence corruption in rendering paths, as they usually level to the following spherical of patch-worthy bugs.

Discovered this text attention-grabbing? Comply with us on Twitter  and LinkedIn to learn extra unique content material we submit.

The Hacker News Tags:Active, Chrome, Critical, CVE20256558, Exploit, Google, Releases, Update, Wild

Post navigation

Previous Post: Authorities Dismantled “Diskstation” Ransomware Attacking Synology NAS Devices Worldwide
Next Post: Albemarle County Hit By Ransomware Attack

Related Posts

OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors The Hacker News
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions The Hacker News
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability The Hacker News
Beyond Vulnerability Management – Can You CVE What I CVE? The Hacker News
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools The Hacker News
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Lenovo Vantage Vulnerabilities Allow Attackers to Escalate Privileges as SYSTEM User
  • Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
  • Critical Cisco ISE Vulnerability Allows Remote Attacker to Execute Commands as Root User
  • Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime
  • How to Prevent Brute Force Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Lenovo Vantage Vulnerabilities Allow Attackers to Escalate Privileges as SYSTEM User
  • Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
  • Critical Cisco ISE Vulnerability Allows Remote Attacker to Execute Commands as Root User
  • Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime
  • How to Prevent Brute Force Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News