Back to KEVs

CVE-2025-6558

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially...

Basic Information

CVE State: PUBLISHED
Reserved Date: June 23, 2025
Published Date: July 15, 2025
Last Updated: July 30, 2025
Vendor: Google
Product: Chrome
Description: Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Score: 2.44% (Percentile: 84.51%) as of 2025-07-29

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-07-16 08:30:35 UTC) Source

References

https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/427162086

Known Exploited Vulnerability Information

Source	Added Date
CyberInsider	2025-07-16 08:30:28 UTC

Recent Mentions

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Source: TheHackerNews • Published: 2025-07-30 10:50:00 UTC

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Source: TheHackerNews • Published: 2025-07-16 09:13:00 UTC

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components. "Insufficient validation of untrusted input in ANGLE and

Google Patches Actively Exploited Sandbox Escape Flaw in Chrome

Source: CyberInsider • Published: 2025-07-16 08:23:27 UTC

Google has released an emergency security update for Chrome, addressing six vulnerabilities, including a high-severity flaw currently exploited in the wild. The actively targeted issue, tracked as CVE-2025-6558, stems from improper validation of untrusted input in Chrome's ANGLE and GPU components. The vulnerability was discovered and reported by Clément Lecigne and Vlad Stolyarov of Google's … The post Google Patches Actively Exploited Sandbox Escape Flaw in Chrome appeared first on CyberInsider.

Timeline

CVE ID Reserved

June 23, 2025
CVE Published to Public

July 15, 2025
Added to KEVIntel

July 16, 2025