PT-2025-29589 · Google +10 · Google Chrome +10
Clément Lecigne +1 · Published 2025-07-15 · Updated 2025-10-04 · CVE-2025-6558
CVSS v2.0: 10 (High)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 138.0.7204.157
Microsoft Edge versions prior to 138.0.3351.95
Opera versions prior to 120.0.5543.93
Opera GX versions prior to 120.0.5543.85
Opera Air versions prior to 120.0.5543.86
Apple Safari (via WebKit) versions prior to iOS 18.6 and macOS Sequoia 15.6
Description
A high-severity vulnerability exists in the ANGLE and GPU components of Google Chrome and Chromium-based browsers. This flaw involves improper validation of untrusted input, potentially allowing a remote attacker to escape the browser's sandbox via a crafted HTML page. This could lead to remote code execution. The vulnerability is actively being exploited in the wild. Apple's Safari, which utilizes the WebKit engine, is also affected.
Recommendations
- Update Google Chrome to version 138.0.7204.157 or later.
- Update Microsoft Edge to version 138.0.3351.95 or later.
- Update Opera to version 120.0.5543.93 or later.
- Update Opera GX to version 120.0.5543.85 or later.
- Update Opera Air to version 120.0.5543.86 or later.
- Update Apple iOS to version 18.6 or later.
- Update Apple macOS to Sequoia 15.6 or later.
Fix
RCE
Weakness Enumeration
Related Identifiers
ALSA-2025:13780
ALSA-2025:13782
BDU:2025-08785
CESA-2025_13780
CVE-2025-6558
DLA-4276-1
DSA-5963-1
DSA-5978-1
INFSA-2025_13780
INFSA-2025_13782
RHSA-2025:13780
RHSA-2025:13782
RHSA-2025:14421
RHSA-2025:14422
RHSA-2025:14423
RHSA-2025:14432
RHSA-2025:14433
RHSA-2025:14434
RHSA-2025:14486
RHSA-2025_13780
RHSA-2025_13782
SUSE-SU-2025:02777-1
SUSE-SU-2025_02765-1
SUSE-SU-2025_02766-1
SUSE-SU-2025_02777-1
SUSE-SU-2025_02973-1
USN-7702-1
Affected Products
Almalinux
Astra Linux
Centos
Debian
Google Chrome
Linuxmint
Apple Macos
Red Hat
Red Os
Suse
Ubuntu
References · 410
- https://osv.dev/vulnerability/DLA-4276-1 · Vendor Advisory
- https://osv.dev/vulnerability/UBUNTU-CVE-2025-6558 · Vendor Advisory
- https://cve.org/CVERecord?id=CVE-2025-6558 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7657 · Security Note
- https://safe-surf.ru/specialists/bulletins-nkcki/722691 · Security Note
- https://osv.dev/vulnerability/ALSA-2025:13782 · Vendor Advisory
- https://safe-surf.ru/specialists/bulletins-nkcki/721257 · Security Note
- https://errata.almalinux.org/8/ALSA-2025-13780.html · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43212 · Security Note
- https://bdu.fstec.ru/vul/2025-09508 · Security Note
- https://security-tracker.debian.org/tracker/source-package/chromium · Vendor Advisory
- https://osv.dev/vulnerability/SUSE-SU-2025:02777-1 · Vendor Advisory
- http://repo.red-soft.ru/redos/7.3c/x86_64/updates · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-43227 · Security Note
- https://safe-surf.ru/specialists/bulletins-nkcki/722693 · Security Note