CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-6558: Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially...

Description

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Known Exploited

🚨 Marked as known exploited on July 16th, 2025 (1 day ago).

Classification

CVE ID: CVE-2025-6558

Problem Types

Insufficient validation of untrusted input

Affected Products

Vendor: Google

Product: Chrome

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 26.91% (scored less or equal to compared to others)

EPSS Date: 2025-07-16 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-6558
https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html
https://issues.chromium.org/issues/427162086

Timeline

2025-07-15 19:40:18 UTC
CVE

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially...
2025-07-16 08:30:17 UTC
CyberInsider

Google Patches Actively Exploited Sandbox Escape Flaw in Chrome
2025-07-16 08:31:17 UTC
🚨 Marked as Known Exploited
2025-07-16 09:30:38 UTC
TheHackerNews

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild