Google Chrome 0-day Vulnerability Actively Exploited in the Wild – CyberSecurityNews

Google has released an emergency security update for Chrome, addressing a high-severity zero-day vulnerability that attackers are actively exploiting in real-world attacks.
The tech giant confirmed that CVE-2025-6558 is being leveraged by threat actors, prompting an immediate patch deployment across all supported platforms.
Google Chrome has been updated to version 138.0.7204.157/.158 for Windows and Mac systems, and version 138.0.7204.157 for Linux distributions.
The update addresses six security vulnerabilities, with the most severe being the actively exploited zero-day flaw. The rollout will occur gradually over the coming days and weeks as part of Google’s standard deployment process.
The CVE-2025-6558 vulnerability stems from insufficient validation of untrusted input in ANGLE and GPU components. ANGLE is the graphics abstraction layer that translates WebGL (OpenGL ES) calls from web content into the platform's native graphics API, so input reaching it comes directly from untrusted pages. The flaw was discovered and reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on June 23, 2025.
The reporters' affiliation with TAG, the Google team that tracks government-backed attackers and commercial surveillance vendors, suggests the vulnerability was identified while investigating active attacks rather than through routine fuzzing.
Beyond the zero-day exploit, Google addressed two other high-severity vulnerabilities in this update. CVE-2025-7656 represents an integer overflow issue in V8, Chrome’s JavaScript engine, discovered by security researcher Shaheen Fazim. This vulnerability carried a $7,000 bounty reward, reflecting its significant potential impact on user security.
The third high-severity flaw, CVE-2025-7657, involves a use-after-free vulnerability in WebRTC functionality, reported by researcher jakebiles. Use-after-free bugs let an attacker reuse memory after it has been freed, which in a browser process can lead to arbitrary code execution or a crash.
Google emphasized that access to detailed bug information remains restricted until most users receive the security update. This approach prevents malicious actors from reverse-engineering patches to develop new exploits before widespread deployment occurs.
The company maintains similar restrictions for vulnerabilities affecting third-party libraries used by other projects.
The update also incorporates fixes from Google's ongoing internal security work, including bugs found with AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL. These tools instrument Chrome's test and fuzzing builds to catch memory-safety and undefined-behaviour bugs at runtime before they ship.
Users should update their Chrome browsers to the latest version immediately. Chrome typically updates automatically, but users can manually check for updates by opening chrome://settings/help (Menu > Help > About Google Chrome); the new version only takes effect after the browser is relaunched. Given the active exploitation of CVE-2025-6558, delaying this update leaves users exposed to a known in-the-wild attack.
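For anyone responsible for more than one machine, the manual check above does not scale. The following script is an added example (not from the article, and not Google's tooling) that parses the output of Chrome's `--version` flag on Linux and compares it against the first fixed release from the release note. The package binary names `google-chrome-stable` and `google-chrome` are assumptions for Debian/Ubuntu installs; the threshold 138.0.7204.157 is the Linux build, and since the Windows/Mac builds ship as .157/.158 the same threshold works for version strings collected from those platforms too.

```shell
#!/bin/sh
# Added example: check whether an installed Chrome build already carries the
# CVE-2025-6558 fix. First fixed release taken from Google's July 2025 release
# note for Chrome 138.0.7204.157/.158. Not part of the original article.

PATCHED_MIN="138.0.7204.157"

# version_ge A B -> returns 0 if dotted version A >= B, 1 otherwise.
# Compares up to four numeric components; missing components count as 0.
version_ge() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# extract_version "Google Chrome 138.0.7204.100" -> "138.0.7204.100"
# Pulls the first four-part dotted number out of arbitrary --version output.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){3}' | head -n 1
}

# chrome_is_patched "<output of google-chrome --version>"
#   returns 0 if the build is at or above the first fixed release,
#   1 if it still needs the update, 2 if no version could be parsed.
chrome_is_patched() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "could not parse a Chrome version from: '$1'" >&2
        return 2
    fi
    version_ge "$v" "$PATCHED_MIN"
}

# Usage on a host: sh check_chrome.sh --check
# Binary names below are assumptions for the Debian/Ubuntu package.
if [ "${1:-}" = "--check" ]; then
    out=$(google-chrome-stable --version 2>/dev/null || google-chrome --version 2>/dev/null)
    if chrome_is_patched "$out"; then
        echo "OK: '$out' is at or above $PATCHED_MIN"
    else
        echo "UPDATE REQUIRED: '${out:-chrome not found}' (need >= $PATCHED_MIN)"
        exit 1
    fi
fi
```

Run it with `--check` on each host (or feed it the version string you collect by other means); a non-zero exit marks a machine that still needs the patch, which makes it easy to wire into a fleet inventory or a cron job. A bare string comparison would get this wrong, for example `138.0.7204.100` sorts after `138.0.7204.99` lexically but not numerically, which is why the components are compared as integers.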
The discovery of this zero-day vulnerability underscores the ongoing cat-and-mouse game between security researchers and malicious actors in the browser ecosystem.