Critical Chrome Vulnerability Patched After Exploitation
A critical vulnerability in Google Chrome has been discovered and patched. The flaw, identified as CVE-2025-6558, allows remote attackers to potentially escape sandboxes via a crafted HTML page. Google's Threat Analysis Group (TAG) reported the issue on June 23, 2025.
The vulnerability affects ANGLE (Almost Native Graphics Layer Engine) in Google Chrome versions prior to 138.0.7204.157. Google TAG suspects that a nation-state actor or commercial spyware vendor exploited the issue in the wild before it was patched. Apple has since released WebKit security updates to address CVE-2025-6558 in multiple products, including iOS, macOS, iPadOS, visionOS, watchOS, and tvOS.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its severity and the need for prompt action.
Google Chrome users are advised to update their browsers to the latest version to protect against this vulnerability. Apple users should also ensure their devices are up-to-date with the latest security patches. Further investigation is needed to determine the full extent of the exploit and any potential data compromise.
