Google has rolled out an urgent update for its Chrome web browser, addressing six identified security vulnerabilities, including a particularly severe zero-day vulnerability tracked as CVE-2025-6558. This high-severity flaw, which has a CVSS score of 8.8, relates to incorrect validation of untrusted input in Chrome’s ANGLE and GPU components.
The vulnerability allows remote attackers to potentially escape the browser’s sandbox through crafted HTML pages, risking deeper system access. As detailed in the National Vulnerability Database, this scenario significantly heightens the risk, particularly in targeted attacks where simply visiting a malicious site can compromise security without users needing to download or click anything.
Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group discovered the vulnerability on June 23, 2025. Although Google did not disclose details of the attacks that used this flaw, the company’s acknowledgment of an existing exploit indicates potential nation-state involvement.
This announcement follows closely behind another critical Chrome zero-day patch, CVE-2025-6554, addressed by Google just weeks prior. In total, the company has resolved five zero-day vulnerabilities since the year began, a notable indicator of escalating threats targeting web browsers.
To mitigate any risks, Chrome users are urged to update their browsers to version 138.0.7204.157/.158 for Windows and macOS, and 138.0.7204.157 for Linux, as detailed on Google’s support page. Users can verify and install updates by navigating to More > Help > About Google Chrome and selecting Relaunch.
Additionally, users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are similarly advised to apply patches as they become available.
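
For administrators who need to check many machines rather than one About page, the following added example (not from Google or the original article) classifies browser inventory records against the patched Chrome build named above. The hostnames, version strings and the record layout are constructed for illustration; other Chromium-based browsers are reported as unknown because the article gives no fixed versions for them.

```python
import re

# Minimum patched Google Chrome build named in the article
# (Windows and macOS also ship .158).
PATCHED_CHROME = (138, 0, 7204, 157)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(product, version_text):
    """Classify one inventory record as 'patched', 'vulnerable' or 'unknown'."""
    # Only Google Chrome is compared: other Chromium-based browsers use
    # their own version numbers, which the article does not list.
    if product.strip().lower() != "google chrome":
        return "unknown"
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "138.0.7204.99" above "138.0.7204.157".
    return "patched" if version >= PATCHED_CHROME else "vulnerable"


def audit(inventory):
    """Group hostnames by classification."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, product, version_text in inventory:
        report[classify(product, version_text)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome", "Google Chrome 138.0.7204.157"),
    ("ws-02", "Google Chrome", "138.0.7204.99"),
    ("mac-01", "Google Chrome", "Google Chrome 138.0.7204.158 "),
    ("ws-03", "Google Chrome", "137.0.7151.120"),
    ("ws-04", "Microsoft Edge", "138.0.3351.95"),
    ("ws-05", "Google Chrome", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Inventory tools usually report the version installed on disk, so a machine listed as patched still runs the old build until Chrome has been relaunched.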
Security experts recommend that users remain vigilant regarding such vulnerabilities, particularly those related to GPU sandbox escapes, shader bugs, and WebGL issues, which are not always prominently featured in security headlines but can significantly impact browser integrity.