New Report Alert: Top Ransomware Attacks of 2025. Being Prepared for 2026
Get a Demo

Vulnerabilities

CVE-2025-6558

Actively Exploited Chrome Zero-Day via ANGLE GPU Input Validation Flaw: Analyzing CVE-2025-6558

Vulnerability Overview 

CVE ID: CVE-2025-6558 

CVE Title: Google Chrome: Remote Sandbox Escape via Improper Input Validation in ANGLE and GPU Components 

Severity: High 

Exploit Status: Actively Exploited in the Wild 

Business Risk: High. This vulnerability lets remote attackers escape the browser sandbox and gain system access via crafted HTML, risking full endpoint compromise. 

Compliance Impact: Possible non-compliance with NIST 800-53, ISO 27001, and CISA BOD 22-01 due to delayed response to a known exploited vulnerability.

CVE-2025-6558 is a serious bug in Google Chrome’s ANGLE and GPU parts, caused by improper input checks. Found by Google’s Threat Analysis Group, it lets attackers break out of the browser’s sandbox and possibly access the system if a user visits a harmful website. It affects Chrome versions before 138.0.7204.157 and is already being used in real attacks. CISA has listed it as a known threat, with a patch deadline for federal agencies by August 12, 2025.

Urgent Actions Required

  • Update Google Chrome to version 138.0.7204.157 or later on Linux, and 138.0.7204.157/.158 on Windows and macOS
  • Update Microsoft Edge to version 138.0.3351.95 or later
  • Apply patches for other Chromium-based browsers (e.g., Brave, Opera, Vivaldi) as vendors release updates
  • Apply patches before August 12, 2025, as mandated by CISA for federal agencies
  • Avoid visiting suspicious or untrusted websites until fully updated

Which Systems Are Vulnerable to CVE-2025-6558?

Technical Overview

  • Vulnerability Type: Sandbox Escape via Improper Input Validation in ANGLE and GPU components
  • Affected Software/Versions:
    • Google Chrome versions prior to 138.0.7204.157
    • Microsoft Edge versions prior to 138.0.3351.95
    • Other Chromium-based browsers (e.g., Brave, Opera, Vivaldi) – pending vendor patches
  • Attack Vector: Remote – via crafted malicious HTML pages
  • CVSS Score: 8.8
  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
  • Patch Availability: Yes – available from Google and Microsoft as of July 15–16, 2025[4]

How Does the CVE‑2025‑6558 Exploit Work?

The attack typically follows these steps:

How Does the CVE‑2025‑6558 Exploit Work? 

What Causes CVE‑2025‑6558?

Vulnerability Root Cause:  

This vulnerability happens because Chrome’s ANGLE and GPU components don’t properly check untrusted input. Visiting a malicious page can let attackers bypass the browser’s sandbox and access the system.

How Can You Mitigate CVE‑2025‑6558?

If immediate patching is delayed or not possible:  

  • Avoid visiting unknown or untrusted websites that might have harmful GPU content targeting Chrome. 
  • Limit Chromium-based browser use to trusted users and networks with access controls. 
  • Watch browser logs and network traffic for unusual GPU-related activity or suspicious browsing. 
  • Use security tools like Web Application Firewalls to block suspicious pages with harmful GPU commands. 
  • Keep browsers updated regularly and consider automating updates to reduce risk.

Which Assets and Systems Are at Risk?

Asset Types Affected:

  • End-user devices running Google Chrome versions prior to 138.0.7204.157
  • Devices using Microsoft Edge versions before 138.0.3351.95
  • Other Chromium-based browsers (e.g., Brave, Opera, Vivaldi) that have not yet received vendor patches

Business-Critical Systems at Risk:

  • Desktops, laptops, and workstations used for web browsing by employees or privileged users
  • Systems accessing sensitive or internal web applications via Chrome or other Chromium browsers
  • High-value endpoints (like finance, HR, engineering) operated through browsers susceptible to the exploit

Exposure Level:

  • Internet-facing employee devices where users may inadvertently visit malicious webpages
  • Systems with Chrome or other Chromium-based browsers that are not up-to-date
  • Internal network segments where unpatched workstations may access malicious or compromised internal pages

Will Patching CVE‑2025‑6558 Cause Downtime?

Patch application impact: Updating Chrome to fix CVE-2025-6558 usually takes less than a minute. It only requires restarting the browser. There is little to no downtime for users or systems.  

Mitigation (if immediate patching is not possible): If you can’t update immediately, avoid unknown websites and teach users to be careful with suspicious links. These steps lower the risk but don’t fully fix the problem.

How Can You Detect CVE‑2025‑6558 Exploitation?

Indicators of Compromise (IOCs/IOAs):

  • Crafted HTML pages target Chrome’s ANGLE and GPU components by loading malicious GPU-related content during web browsing.

Behavioral Indicators:

  • Visits to malicious or unusual HTML pages containing low-level GPU instructions or graphics API manipulations.
  • Unexpected browser behavior, such as crashes or rendering anomalies, especially during GPU processing.
  • Patterns of GPU rendering issues immediately followed by browser sandbox failure or system instability.

Alerting Strategy:

  • Priority: High, particularly for enterprise or internet-facing user systems.
  • Trigger alerts for:
    • SSL/TLS or HTTP traffic containing suspicious GPU-related HTML content.
    • Unexpected rendering errors or GPU crashes in Chrome logs or browser telemetry.
    • Evidence of sandbox escape or process termination linked to GPU rendering.

Remediation & Response

  • Patch/Upgrade Instructions:
    • Official Chrome Release Notes[2]
    • Microsoft Edge security advisory[3]
  • Remediation Timeline: Immediate patching is strongly recommended due to active exploitation in the wild.
  • Rollback Plan: Ensure backups of browser settings and profiles before updating; verify browser functionality after applying updates.
  • Incident Response Considerations:
    • Isolate affected systems from the network if exploitation is suspected.
    • Review browser logs and system event logs for unusual GPU or sandbox-related errors.
    • Collect forensic evidence of malicious HTML pages or GPU operation anomalies.
    • Strengthen monitoring for suspicious web activity targeting GPU or ANGLE components.
    • After patching, maintain updated browser versions and apply security best practices.

Where Can I Find More Information on CVE‑2025‑6558?

References:

  1. ^NVD – CVE-2025-6558
  2. ^Chrome Security Release Advisory – CVE-2025-6558
  3. ^Microsoft Edge Security Update – CVE-2025-6558
  4. ^Microsoft Security Update Guide – CVE-2025-6558
  5. ^CVE Details – CVE-2025-6558

CVSS Breakdown Table

MetricValue Description
Base Score8.8High severity with strong impact and relatively easy exploitation
Attack VectorNetworkExploitable remotely via web content
Attack ComplexityLowNo special conditions or pre-setup required
Privileges RequiredNoneNo attacker privileges needed
User Interaction RequiredVictim must visit a crafted HTML page
Scope Unchanged Impact remains within the same privilege level
Confidentiality Impact HighCan expose sensitive data by escaping sandbox
Integrity ImpactHighAllows modification or injection of content/code
Availability ImpactHighMay lead to denial of service or stability issues

What’s Hiding in Your Network? - NDR Trends 2025

Discover Now

Related Readings

One Platform for All Adversaries

See Fidelis in action. Learn how our fast and scalable platforms provide full visibility, deep insights, and rapid response to help security teams across the World protect, detect, respond, and neutralize advanced cyber adversaries.

Get a Demo