Google addressed six vulnerabilities impacting the Chrome browser. One of the vulnerabilities, tracked as CVE-2025-6558, is being exploited in the wild. Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group discovered and reported the vulnerability to Google.
The vulnerability is an incorrect validation of untrusted input in ANGLE (Almost Native Graphics Layer Engine) and the GPU (Graphics Processing Unit). Successful exploitation may allow a remote attacker to perform a sandbox escape via a crafted HTML page. ANGLE is a translation layer between Chrome’s rendering engine and device-specific graphics drivers. Successful exploitation of the flaw in ANGLE may allow attackers to escape Chrome’s sandbox by abusing low-level GPU operations that browsers usually keep isolated. This makes it a rare but powerful path to deeper system access.
This is the fifth zero-day vulnerability Google has patched since the start of the year. The previous four are:
Other vulnerabilities patched by Google are mentioned below:
- CVE-2025-7656 is an integer overflow flaw in the V8 JavaScript engine.
- CVE-2025-7657 is a use-after-free flaw in WebRTC.
Affected Versions
The vulnerability affects Google Chrome versions before 138.0.7204.157.
Mitigation
Customers must upgrade to the latest stable channel version: 138.0.7204.157/.158 for Windows and Mac, and 138.0.7204.157 for Linux.
For more information, please refer to the Google Chrome Release Page.
Qualys Detection
Qualys customers can scan their devices with QID 383576 to detect vulnerable assets.
Rapid Response with Patch Management (PM)
Qualys Patch Management and its Zero-Touch Patching feature provide a seamless, automated process of patching a vulnerability like this.
Zero-Touch Patching identifies the most vulnerable products in your environment and automates the deployment of necessary patches and configuration adjustments. This streamlines the patching process and ensures vulnerabilities are addressed promptly.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html