Week 29 – Vulnerability in Google Chrome
14 – 20 July 2025
This week our focus moved to a vulnerability in Google’s browser, tracked as CVE-2025-6558, because it possibly has been exploited in the wild.
This flaw scored 8.8 CVSS score and allow a potential remote attacker to escape the sandbox environment of the browser.
This issue is described as an incorrect validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157. With a specially crafted HTML page, a remote attacker can perform a sandbox escape and access the host system.
ANGLE, short for Almost Native Graphics Layer Engine, is an open source, cross-platform graphics engine used as the default WebGL backend in both Chrome and Firefox on Windows. Chrome primarily uses the GPU component to render graphics and video content on webpages.
It is currently unknown how this vulnerability is exploited, but Google acknowledged that an
exploit for CVE-2025-6558 exists in the wild.
The issue is fixed in the latest version of Chrome: 138.0.7204.157.
For detailed information read this post: https://thehackernews.com/2025/07/urgent-google-releases-critical-chrome.html
Don’t forget to update regularly!
White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.