PT-2025-29589 · Google+12 · Google Chrome+12
Clément Lecigne +1 · Published 2025-07-15 · Updated 2026-01-16 · CVE-2025-6558
CVSS v2.0: 10 (High) | AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
- Google Chrome versions prior to 138.0.7204.157
- Microsoft Edge versions prior to 138.0.3351.95
- Opera versions prior to 120.0.5543.93
- Opera GX versions prior to 120.0.5543.85
- Opera Air versions prior to 120.0.5543.86
- Apple Safari (via WebKit) versions prior to iOS 18.6 and macOS Sequoia 15.6
Description
A high-severity vulnerability exists in the ANGLE and GPU components of Google Chrome and Chromium-based browsers. This flaw involves improper validation of untrusted input, potentially allowing a remote attacker to escape the browser's sandbox via a crafted HTML page. This could lead to remote code execution. The vulnerability is actively being exploited in the wild. Apple's Safari, which utilizes the WebKit engine, is also affected.
Recommendations
- Update Google Chrome to version 138.0.7204.157 or later.
- Update Microsoft Edge to version 138.0.3351.95 or later.
- Update Opera to version 120.0.5543.93 or later.
- Update Opera GX to version 120.0.5543.85 or later.
- Update Opera Air to version 120.0.5543.86 or later.
- Update Apple iOS to version 18.6 or later.
- Update Apple macOS to Sequoia 15.6 or later.
Fix
RCE
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Google Chrome
Linuxmint
Apple Macos
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu