CVE-2025-6558: A New Google Chrome Zero-Day Exploited in the Wild


CVE-2025-6558 is a severe zero-day vulnerability discovered in Google Chrome’s ANGLE and GPU components. First reported on June 23, 2025 by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG), the flaw was actively exploited in the wild before a fix was available. Google released an emergency patch in Chrome version 138.0.7204.157/.158 on July 15, 2025 to mitigate the threat.

Severity Level: High

Vulnerability Details

  • The vulnerability stems from improper validation of untrusted input in ANGLE/GPU pipelines. ANGLE, which translates WebGL API calls to native graphics APIs (like Direct3D/OpenGL/Metal), failed to adequately sanitize input passed from the browser’s JavaScript/WebGL context, creating a gateway for attacker-controlled data to trigger unintended GPU behavior.
  • This improper handling allows the crafting of malicious WebGL content that could exploit memory corruption, leading to arbitrary code execution within the browser’s GPU process context.

Affected Versions

  • Google Chrome versions before 138.0.7204.157/.158 for Windows and Mac
  • Google Chrome versions before 138.0.7204.157 for Linux
  • Google Chrome versions before 138.0.7204.157 for Android
  • Google Chrome versions before 138.0.7204.156 for iOS

Exploitation Of The Vulnerability

  • In the Wild Exploitation: Confirmed by Google TAG. The attack was discovered before patch availability, classifying it as a zero-day.
  • Likely Exploitation Chain:
    • Malicious website or ad delivers specially crafted WebGL or GPU-accelerated content.
    • Chrome processes the content using ANGLE.
    • Due to faulty input validation, memory corruption occurs in the GPU pipeline.
    • Attacker gains control of the GPU process, possibly achieving RCE or sandbox escape (depending on chaining).
  • Exploit Targets: Likely indiscriminate – any user accessing a malicious site with an unpatched Chrome version.

Recommendations

  1. Chrome users should immediately update their browser to the latest version.
  2. Enforce auto-updates for Chrome in enterprise environments.
  3. Enable Enhanced Safe Browsing mode for real-time protection.
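
To confirm that recommendations 1 and 2 have taken effect across a fleet, the fixed builds listed under Affected Versions can be checked against a software inventory. The following is an added example, not part of the original advisory; the CSV column names, hostnames and sample versions are constructed, and .157 is assumed as the minimum fixed build for Windows and Mac.

```python
import csv
import io

# First fixed build per platform, from the "Affected Versions" list above.
# Assumption: .157 is treated as the minimum fixed build on Windows/Mac.
FIXED = {
    "windows": (138, 0, 7204, 157),
    "mac": (138, 0, 7204, 157),
    "linux": (138, 0, 7204, 157),
    "android": (138, 0, 7204, 157),
    "ios": (138, 0, 7204, 156),
}

def parse_version(text):
    """Return a 4-tuple of ints for 'MAJOR.MINOR.BUILD.PATCH', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unrecognised row as safe
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "138.0.7204.99" above "138.0.7204.157".
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map host -> status for a CSV with host,platform,chrome_version columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["chrome_version"]) for r in reader}

# Constructed sample inventory (hosts and versions are made up for this example).
SAMPLE = """host,platform,chrome_version
ws-001,windows,138.0.7204.158
ws-002,windows,138.0.7204.99
mac-07,mac,137.0.7151.120
lin-03,linux,138.0.7204.157
ipad-2,ios,138.0.7204.156
kiosk-9,chromeos,138.0.7204.157
ws-010,windows,138.0.7204
"""

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:10} {status}")
```

Rows reported as unknown (an unlisted platform or a truncated version string) need manual follow-up rather than being counted as patched.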

Source:

  • https://gbhackers.com/google-chrome-0-day-vulnerability/
  • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html
  • https://chromereleases.googleblog.com/2025/07/chrome-stable-for-ios-update.html
  • https://chromereleases.googleblog.com/2025/07/chrome-for-android-update.html
