Google Issues Urgent Update for High-Severity Chrome Vulnerability CVE-2025-6558

By Tina Reynolds

Google has released a major update to its Chrome web browser. The release addresses a recently disclosed high-severity vulnerability in the CWAF, identified as CVE-2025-6558. With a CVSS score of 8.8, this zero-day vulnerability is critical and poses a high risk to users: remote attackers can exploit it easily, putting everybody at risk. The vulnerability impacts the ANGLE and GPU components of Google Chrome, requiring users to act urgently.

CVE-2025-6558 is due to insufficient validation of external input. This vulnerability allows an attacker to carry out a sandbox escape by loading a specially crafted HTML page. On June 23, 2023, Clément Lecigne and Vlad Stolyarov originated. Both are longtime security researchers and current members of Google’s Threat Analysis Group (TAG). The CVE-2025-6558 vulnerability appeared immediately after another critical vulnerability, CVE-2025-6554. This most recent zero-day vulnerability was reported only two days prior, on June 25, 2025.

ANGLE, which serves as a translation layer between Chrome’s rendering engine and device-specific graphics drivers, plays a crucial role in the browser’s functionality. Because user data passes through this component, any vulnerabilities in this code can greatly undermine user security.

Given the severity of CVE-2025-6558, Google has recommended that all users immediately update their browsers to a more secure version. The update should be available directly by going to More > Help > About Google Chrome in the browser UI. Users must then click the Relaunch button to complete the update process.

“Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page,” – NIST’s National Vulnerability Database (NVD).
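For administrators who need to confirm the fix across many machines, the following added example (not Google's tooling and not part of the original article) checks collected Chrome version strings against the fixed version named in the NVD description. The hostnames and the sample version strings are constructed for illustration; the comparison is numeric per component, because a plain string comparison would wrongly rank 138.0.7204.96 above 138.0.7204.157.

```python
import re

# Fixed version taken from the NVD description quoted above.
FIXED = (138, 0, 7204, 157)

# A four-part dotted version that is not part of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, fixed=FIXED):
    """True or False when a version was parsed; None when none could be found."""
    version = parse_version(text)
    return None if version is None else version >= fixed


def audit(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(raw)] for host, raw in inventory.items()}


# Constructed sample inventory: hostnames and version strings are invented.
SAMPLE = {
    "ws-001": "Google Chrome 138.0.7204.157",
    "ws-002": "Google Chrome 138.0.7204.96 ",
    "ws-003": "Google Chrome 137.0.7151.120",
    "ws-004": "Google Chrome 139.0.7258.66 beta",
    "ws-005": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being counted as safe.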

The timeliness of this update further serves as a reminder that keeping software up-to-date is critical to cybersecurity, especially as new threats emerge. We urge users to continue to be alert and frequently check for patches to keep their systems protected.