Chrome Update Patches Fifth Zero-Day of 2025

Posted on By CWS

Google on Tuesday introduced a recent set of Chrome safety updates that resolve six vulnerabilities, together with one exploited within the wild.

The zero-day bug, tracked as CVE-2025-6558, is described as an incorrect validation of untrusted enter within the browser’s ANGLE and GPU parts.

ANGLE, quick for Virtually Native Graphics Layer Engine, is an open supply, cross-platform graphics engine used because the default WebGL backend in each Chrome and Firefox on Home windows. Chrome primarily makes use of the GPU element to render graphics and video content material on webpages.

Based on a NIST advisory, profitable exploitation of the flaw may permit distant attackers to flee the browser’s sandbox by way of crafted HTML pages.

“Google is conscious that an exploit for CVE-2025-6558 exists within the wild,” Google notes in its advisory.

That is the fifth zero-day patched by Google within the Chrome browser so far this 12 months.

As ordinary, the web big avoided sharing particulars on the noticed assaults, however famous that the safety defect was reported by Clément Lecigne and Vlad Stolyarov of Google’s Risk Evaluation Group.

TAG researchers are recognized for uncovering vulnerabilities exploited by business spyware and adware distributors, together with some within the Chrome browser, and this might be the case for the newly disclosed CVE as properly.Commercial. Scroll to proceed studying.

The recent Chrome replace addresses two different bugs reported by exterior researchers, specifically CVE-2025-7656, an integer overflow problem within the V8 JavaScript engine, and CVE-2025-7657, a use-after-free flaw in WebRTC.

Google says it paid a $7,000 reward for the V8 defect, however has but to reveal the quantity handed out for the WebRTC problem. Per the corporate’s guidelines, no bug bounty might be awarded for the internally found zero-day.

The newest Chrome iteration is now rolling out as variations 138.0.7204.157/.158 for Home windows and macOS, and as model 138.0.7204.157 for Linux. Customers are suggested to replace their browsers as quickly as potential.

Associated: Chrome 138 Replace Patches Zero-Day Vulnerability

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , ,

Related Posts

Hundreds of Salesforce Customers Hit by Widespread Data Theft Campaign Security Week News
Webinar Today: Redefining Vulnerability Management With Exposure Validation Security Week News
Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks Security Week News
FBI Shares IoCs for Recent Salesforce Intrusion Campaigns Security Week News
Google Gemini Tricked Into Showing Phishing Message Hidden in Email  Security Week News
Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication Security Week News