Emergency Chrome Update: Google Patches Actively Exploited Zero-Day Allowing Sandbox Escape
Google has released an emergency update for its Chrome browser, addressing six security vulnerabilities—one of which is already being actively exploited in the wild. The flaws affect critical components related to Chrome’s graphics engine and pose a significant threat by enabling potential escape from the browser’s sandboxing mechanism, which is designed to isolate Chrome processes from the rest of the operating system.
The most severe of the patched vulnerabilities is CVE-2025-6558, carrying a CVSS score of 8.8. It stems from improper handling of untrusted data within the ANGLE and GPU components. ANGLE, or Almost Native Graphics Layer Engine, acts as a translation layer between the browser and the system’s graphics drivers. This makes it a prime vector for malicious web pages to trigger a so-called “sandbox escape,” allowing low-level interaction with the underlying system.
This technique is particularly dangerous in targeted attacks, where simply visiting a compromised webpage can result in silent infection—without any clicks or file downloads. According to Google’s developers, an exploit for this vulnerability is already being used in real-world attacks, though specific details and targets remain undisclosed. The flaw was discovered by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group and reported on June 23, 2025.
The fact that the vulnerability is being exploited and was identified by a team focused on nation-state threats suggests possible involvement of state-backed cyber actors.
The update also resolves five additional vulnerabilities, including CVE-2025-6554, also discovered by Lecigne on June 25. This marks the fifth instance this year in which Google has patched vulnerabilities that were either actively exploited or released as proof-of-concept code. Other fixed issues include CVE-2025-2783, CVE-2025-4664, and CVE-2025-5419.
Users are strongly advised to update Chrome to version 138.0.7204.157 or 138.0.7204.158 for Windows and macOS, and version 138.0.7204.157 for Linux. The update can be installed via the “About Chrome” section in the browser’s settings. Users of Chromium-based browsers—such as Edge, Brave, Opera, and Vivaldi—should also remain vigilant for corresponding updates.
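To check a fleet against the fixed builds named above, the following is an added example (not from Google or the original article) that flags hosts still running an older Chrome. The inventory format, host names and sample versions are constructed, and the minimum build per platform is taken from the paragraph above.

```python
# Lowest fixed Chrome build per platform, as stated in the article.
PATCHED = {
    "windows": "138.0.7204.157",
    "macos": "138.0.7204.157",
    "linux": "138.0.7204.157",
}

def parse_version(text):
    """Turn 'Google Chrome 138.0.7204.99' or '138.0.7204.99' into a tuple of ints."""
    token = (text.split() or [""])[-1]
    parts = token.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform, version_text):
    # Compare numerically: as plain strings, "138.0.7204.99" sorts
    # after "138.0.7204.157" and would be reported as up to date.
    minimum = parse_version(PATCHED[platform.lower()])
    return parse_version(version_text) >= minimum

def audit(inventory):
    """Return (host, reason) for every host that still needs attention."""
    findings = []
    for host, platform, version_text in inventory:
        try:
            if not is_patched(platform, version_text):
                fixed = PATCHED[platform.lower()]
                findings.append((host, f"{version_text} is older than {fixed}"))
        except (KeyError, ValueError) as exc:
            # Unknown platform or unreadable version: surface it, do not skip it.
            findings.append((host, f"could not evaluate: {exc}"))
    return findings

# Constructed sample inventory: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "Google Chrome 138.0.7204.158"),
    ("ws-002", "windows", "138.0.7204.99"),
    ("mac-01", "macos", "138.0.7204.157"),
    ("lnx-07", "linux", "Google Chrome 137.0.7151.119"),
    ("lnx-09", "linux", "unknown"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
```

Other Chromium-based browsers use their own version numbering, so this check applies to Google Chrome only.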
Although vulnerabilities affecting graphics components and process isolation mechanisms rarely make headlines, they are often exploited in complex attack chains. Special attention should be paid to privilege boundary bypasses, GPU and WebGL flaws, and memory corruption during rendering—areas that frequently serve as launchpads for the next wave of critical security threats.