Google Chrome Patches Zero-Day GPU Bug Exploited In The Wild

HomeNews* Google released patches for six security flaws in Chrome, including one critical zero-day vulnerability actively exploited.

• The high-severity issue, CVE-2025-6558, allows attackers to bypass browser protections through a flaw in the ANGLE and GPU components.
• The vulnerability can lead to a “Sandbox escape,” enabling remote attackers to access a user’s system through a malicious website.
• Researchers from Google’s Threat Analysis Group identified the flaw, and reports suggest possible involvement of nation-state actors.
• Users are advised to update Chrome and Chromium-based browsers immediately to stay protected. On July 16, 2025, Google released security updates for its Chrome web browser to address six vulnerabilities, one of which has already been exploited by attackers. The most severe flaw, tracked as CVE-2025-6558, affects the browser’s handling of graphics operations and can enable attackers to break out of Chrome’s security protections.

• Advertisement - According to the National Vulnerability Database, “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.” The flaw was first reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) on June 23, 2025.

The ANGLE (Almost Native Graphics Layer Engine) component acts as a bridge between Chrome’s rendering processes and a computer’s graphics drivers. This vulnerability allows attackers to use a specially crafted website to break out of the browser’s restricted environment. “An exploit for CVE-2025-6558 exists in the wild,” Google confirmed in an official post, suggesting possible targeting by advanced attackers.

The company resolved a similar zero-day, CVE-2025-6554, two weeks earlier, also reported by Lecigne. In total, Google has patched five Chrome zero-day bugs so far this year, including CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, and CVE-2025-6554.

Google recommends that users update their browsers to versions 138.0.7204.157 or .158 for Windows and macOS, and 138.0.7204.157 for Linux. Users should go to More > Help > About Google Chrome and select Relaunch to ensure the latest updates are installed. The fixes also apply to other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi when updates become available.

Security experts caution that vulnerabilities in browser graphics components often reappear in targeted attacks. They advise users to remain vigilant for further browser updates and security patches.

Previous Articles:

• Citigroup Set to Launch Citi Stablecoin, Eyes Crypto Custody Next
• UK Leaders Address Stablecoins, Urge Payment Innovation at Mansion House
• Shaurya Leads Crypto Data Team, Invests in 30+ DeFi Tokens
• US House Fails to Pass Crypto Genius, Clarity, Anti-CBDC Acts
• House GOP Revolt Stalls Trump-Backed Crypto Bills in Key Showdown

• Advertisement -