Google has released a critical security update for its Chrome browser to fix six newly discovered vulnerabilities, including one that is already being used by attackers in the wild.

The most serious of these flaws, tracked as CVE-2025-6558, received a high severity rating of 8.8. According to Google, the issue was found by the Threat Analysis Group (TAG) on June 23 and is already being exploited to escape Chrome’s built-in sandbox protection.

This vulnerability exists in ANGLE (Almost Native Graphics Layer Engine), a component that helps Chrome render graphics by translating OpenGL ES commands into other graphics APIs such as Direct3D or Vulkan. Because ANGLE handles GPU commands from untrusted sources, like websites using WebGL, any weakness in it can lead to serious security issues.

An attacker can take advantage of this flaw by tricking a user into opening a specially crafted HTML page. If successful, they could run code within the browser’s GPU process and potentially break out of Chrome’s sandbox — a key security layer that isolates browser tasks from the rest of the operating system.

Google has not released full technical details, citing the risk to users. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company noted in its advisory.

Immediate Action Recommended

Chrome users are strongly urged to update their browsers immediately to version 138.0.7204.157 or .158, depending on their system. To check for updates, go to:

chrome://settings/help


The update will download and install automatically, but users must restart the browser for the changes to take effect.