Google Releases Security Update for Chrome
Security update addresses an exploited high severity vulnerability in Google Chrome
Summary
Security update addresses an exploited high severity vulnerability in Google Chrome
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2025-6558
Google is aware that an exploit for CVE-2025-6558 exists in the wild.
Introduction
Google has released version 138.0.7204.157/.158 for Chrome for Windows and Mac and 138.0.7204.157 for Chrome for Linux, which will roll out over the coming days/weeks.
The updates address three high severity vulnerabilities, including CVE-2025-6558, which has an exploit in the wild.
- CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU vulnerability - CVSSv3 score: 8.8
- Exploitation could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2025-7656: Integer overflow in V8 - CVSSv3 score: 8.8
- Exploitation could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2025-7657: Use after free in WebRTC - CVSSv3 score: 8.8
- Exploitation could allow remote attacker to potentially exploit heap corruption via a crafted HTML page.
Remediation advice
Affected organisations are encouraged to review the Chrome Release 138.0.7204.157/.158 Stable Channel advisory and apply the update for the latest release.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 18 July 2025 1:22 pm