PT-2025-29589 · Google +6 · Google Chrome +6

Clément Lecigne

+1

·

Published

2025-07-15

·

Updated

2025-08-21

·

CVE-2025-6558

Report an issue
CVSS v2.0
10
VectorAV:N/AC:L/Au:N/C:C/I:C/A:C

## Vulnerability Report

**Name of the Vulnerable Software and Affected Versions:** Google Chrome versions prior to 138.0.7204.157, Microsoft Edge (Chromium-based), Brave, Opera. Apple Safari is also affected via WebKit.

**Description:**

This vulnerability (CVE-2025-6558) is a high-severity issue stemming from improper input validation in the ANGLE (Almost Native Graphics Layer Engine) and GPU components of Google Chrome and related Chromium-based browsers. This flaw allows a remote attacker to potentially escape the browser's sandbox, potentially leading to remote code execution. The vulnerability is actively being exploited in the wild. Apple's Safari and WebKit are also affected.

**Recommendations:**

* Update Google Chrome to version 138.0.7204.157 or later.

* Update Microsoft Edge (Chromium-based) to the latest version.

* Update Brave to the latest version.

* Update Opera to the latest version.

* Update Apple iOS to version 18.6 or later.

* Update Apple macOS to the latest version.

* Update Apple watchOS to the latest version.

* Update Apple tvOS to the latest version.

* Update Apple visionOS to the latest version.

Fix

RCE

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2025:13780
ALSA-2025:13782
BDU:2025-08785
CESA-2025_13780
CVE-2025-6558
DSA-5963-1
RHSA-2025_13780
RHSA-2025_13782
SUSE-SU-2025:02777-1
USN-7702-1

Affected Products

Almalinux
Centos
Debian
Google Chrome
Apple Macos
Red Hat
Red Os