PT-2025-29589 · Google +1 · Google Chrome +1
Clément Lecigne
+1
·
Published
2025-07-15
·
Updated
2025-07-16
·
CVE-2025-6558
CVSS v3.1
8.8
8.8
High
| Base vector | Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
**Name of the Vulnerable Software and Affected Versions:**
Google Chrome versions prior to 138.0.7204.157
**Description:**
A critical vulnerability exists in Google Chrome due to insufficient validation of untrusted input in the ANGLE and GPU components. This flaw allows a remote attacker to potentially escape the browser's sandbox through a crafted HTML page. This vulnerability is actively exploited in the wild, and exploitation may involve nation-state actors. Approximately an estimated number of devices worldwide are potentially affected.
**Recommendations:**
Update Google Chrome to version 138.0.7204.157 or later.
Fix
RCE
Weakness Enumeration
Related Identifiers
CVE-2025-6558
Affected Products
Debian
Google Chrome
References · 85
- https://nvd.nist.gov/vuln/detail/CVE-2025-6558 · Security Note
- https://security-tracker.debian.org/tracker/CVE-2025-6558 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6558 · Security Note
- https://safe-surf.ru/specialists/bulletins-nkcki/722692 · Security Note
- https://security-tracker.debian.org/tracker/source-package/chromium · Vendor Advisory
- https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html · Note
- https://packages.debian.org/src:chromium · Note
- https://twitter.com/fridaysecurity/status/1945478618026569750 · Twitter Post
- https://twitter.com/YorickReintjens/status/1945395126735343672 · Twitter Post
- https://twitter.com/WomenCSSociety/status/1945601733356654729 · Twitter Post
- https://t.me/c/1262650373/85787 · Telegram Post
- https://twitter.com/xvonfers/status/1945230600190726424 · Twitter Post
- https://t.me/c/1112940443/131034 · Telegram Post
- https://vivaldi.com/blog/desktop/minor-update-three-7-5 · Reddit Post
- https://twitter.com/dailytechonx/status/1945589258128920898 · Twitter Post