CVE-2025-6558

CVSS 8.8 HIGH · EPSS 9.5% · KEV · CWE-20
In short

Google Chrome had a flaw where it didn't properly check data from websites, allowing an attacker to create a malicious webpage that could break out of Chrome's security sandbox. This is serious because it could let attackers access files and programs on your computer.

Technical detail

Insufficient input validation in ANGLE and GPU processing allowed remote code execution with sandbox escape via crafted HTML. The attack requires user interaction (visiting a malicious webpage); successful exploitation bypasses Chrome's sandbox isolation, potentially granting an attacker access to system resources beyond the browser process.

Summary generated and translated by AI from the official description.
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome