Google on Tuesday introduced a recent set of Chrome safety updates that resolve six vulnerabilities, together with one exploited within the wild.
The zero-day bug, tracked as CVE-2025-6558, is described as an incorrect validation of untrusted enter within the browser’s ANGLE and GPU parts.
ANGLE, quick for Virtually Native Graphics Layer Engine, is an open supply, cross-platform graphics engine used because the default WebGL backend in each Chrome and Firefox on Home windows. Chrome primarily makes use of the GPU element to render graphics and video content material on webpages.
Based on a NIST advisory, profitable exploitation of the flaw may permit distant attackers to flee the browser’s sandbox by way of crafted HTML pages.
“Google is conscious that an exploit for CVE-2025-6558 exists within the wild,” Google notes in its advisory.
That is the fifth zero-day patched by Google within the Chrome browser so far this 12 months.
As ordinary, the web big avoided sharing particulars on the noticed assaults, however famous that the safety defect was reported by Clément Lecigne and Vlad Stolyarov of Google’s Risk Evaluation Group.
TAG researchers are recognized for uncovering vulnerabilities exploited by business spyware and adware distributors, together with some within the Chrome browser, and this might be the case for the newly disclosed CVE as properly.Commercial. Scroll to proceed studying.
The recent Chrome replace addresses two different bugs reported by exterior researchers, specifically CVE-2025-7656, an integer overflow problem within the V8 JavaScript engine, and CVE-2025-7657, a use-after-free flaw in WebRTC.
Google says it paid a $7,000 reward for the V8 defect, however has but to reveal the quantity handed out for the WebRTC problem. Per the corporate’s guidelines, no bug bounty might be awarded for the internally found zero-day.
The newest Chrome iteration is now rolling out as variations 138.0.7204.157/.158 for Home windows and macOS, and as model 138.0.7204.157 for Linux. Customers are suggested to replace their browsers as quickly as potential.
Associated: Chrome 138 Replace Patches Zero-Day Vulnerability
Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities
Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities
Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs
