Once again, Google has to close security vulnerabilities in the Chrome web browser, one of which is already being exploited by attackers in the wild. Anyone who uses Chrome should make sure the browser is running the current version.
In the release announcement, Google writes that the update fixes a total of six vulnerabilities. Google gives details on the nature of only three of them, which were apparently reported by external IT security researchers. The developers classify all three as high risk. "Google is aware that an exploit for CVE-2025-6558 exists in the wild," the developers write there verbatim. Only recently, Google had to patch a vulnerability in the Chrome browser that was already being abused by malicious actors.
Google Chrome: Vulnerability under attack
Google tersely describes the attacked vulnerability as "Incorrect validation of untrusted input in ANGLE and GPU" (CVE-2025-6558 / EUVD-2025-21546, CVSS 8.8, risk "high"). ANGLE is the "Almost Native Graphics Layer Engine" developed by Google, which is used by default as the WebGL backend in Chrome (and in Firefox) and translates graphics function calls to DirectX, OpenGL or similar abstraction layers.
In addition, attackers can abuse an integer overflow in the JavaScript engine V8 (CVE-2025-7656 / EUVD-2025-21547, CVSS 8.8, risk "high") as well as a use-after-free vulnerability in WebRTC (CVE-2025-7657 / EUVD-2025-21545, CVSS 8.8, risk "high"). Google does not give details, but as a rule attackers can exploit vulnerabilities of this kind with manipulated websites, for example to execute malicious code.
The fixed browser versions are Chrome 138.0.7204.157 for Android, 138.0.7204.156 for iOS, 138.0.7204.157 for Linux and 138.0.7204.157/.158 for macOS and Windows.
Checking the version
The browser's version dialog shows which software version is currently running. It can be reached via the browser menu, which sits behind the icon with three stacked dots to the right of the address bar. From there, go to "Help" – "About Google Chrome".
On Linux, users usually have to launch the software management of their distribution. On smartphones, the updates arrive in the respective app stores, though sometimes with a delay.
Since other web browsers are also based on the Chromium code, they are likely to be vulnerable as well. Their vendors will also distribute updates shortly to close the security hole, such as Microsoft for the Edge web browser.
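For administrators who collect version strings from many machines, the manual check above can be automated. The following is an added example, not part of the original article: it compares reported Chrome versions against the fixed builds listed above. The host names and the inventory are constructed, and the table covers Chrome only, since the article gives no fixed versions for other Chromium-based browsers.

```python
import re

# Fixed Chrome builds per platform, as listed in the article. For macOS and
# Windows the article gives .157/.158; the lower build is used as the minimum.
FIXED_BUILDS = {
    "android": (138, 0, 7204, 157),
    "ios": (138, 0, 7204, 156),
    "linux": (138, 0, 7204, 157),
    "macos": (138, 0, 7204, 157),
    "windows": (138, 0, 7204, 157),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def is_patched(platform, version_text):
    """True/False for a known platform and parseable version, else None."""
    fixed = FIXED_BUILDS.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Tuples compare numerically, so build 99 sorts below build 157;
    # comparing the raw strings would get that wrong.
    return version >= fixed

def audit(inventory):
    """Return the hosts that need attention: outdated or unverifiable."""
    findings = []
    for host, platform, version_text in inventory:
        status = is_patched(platform, version_text)
        if status is not True:
            findings.append((host, "outdated" if status is False else "unknown"))
    return findings

# Constructed inventory (hypothetical host names and reported version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 138.0.7204.158"),
    ("lx-07", "linux", "Google Chrome 138.0.7204.99"),
    ("ph-12", "ios", "138.0.7204.156"),
    ("kiosk-2", "linux", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed to be patched.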