Redazione RHC : 17 July 2025 12:31
Google has released an emergency update for the Chrome browser, simultaneously eliminating six vulnerabilities, one of which is already actively exploited in real-world attacks. The issue affects critical components associated with the browser’s graphics engine and can lead to an exit from the sandbox, a protection mechanism that isolates Chrome processes from the rest of the system.
The most severe vulnerability addressed was CVE-2025-6558, with a CVSS score of 8.8. This concerns the incorrect handling of untrusted data in ANGLE and GPU components. ANGLE, or Almost Native Graphics Layer Engine, serves as a layer between the browser and the graphics hardware drivers. It is through this that a malicious web page can launch a so-called “sandbox escape” and interact with the rest of the system at a lower level.
This method is particularly dangerous in targeted attacks: opening a page is enough to receive an undetectable infection, without clicking or downloading any files. Google developers have noted that the exploit for this vulnerability is already being used in real-world attacks, although the details and specific targets have not been disclosed. The discovery of the issue is attributed to Threat Analysis Group specialists Clement Lesin and Vlad Stolyarov, who reported the vulnerability on June 23, 2025.
The fact that the vulnerability is being exploited in real-world attacks and was discovered by a team of nation-state threat experts indicates the possible involvement of national-level cyber actors. The Chrome update fixes five other vulnerabilities, including CVE-2025-6554, also discovered by Lesin on June 25. This is the fifth time this year that Google has fixed actively exploited proof-of-concept vulnerabilities. The list also includes CVE-2025-2783, CVE-2025-4664, and CVE-2025-5419.
To protect users, we recommend updating Chrome to version 138.0.7204.157 or 138.0.7204.158 for Windows and macOS, and to 138.0.7204.157 for Linux. The latest version can be installed via the “About” section in the settings. Owners of Chromium-based browsers such as Edge, Brave, Opera, and Vivaldi should also keep an eye on the release of updates.
Vulnerabilities related to graphics components and process isolation mechanisms don’t always make the headlines, but they are often exploited in attack chains. Particularly noteworthy are privilege limit bypasses, GPU and WebGL bugs, and memory corruption during rendering: These are the areas that often become the basis for subsequent critical vulnerabilities.
Redazione