Severe Chrome browser attack vector fixed in latest Apple OS updates – AppleInsider

Copyright © 2025 Quiller Media, Inc. All rights reserved.
Apple has released security updates for iOS and its other operating systems that patch WebKit against a zero-day vulnerability that was actively exploited against Google Chrome users.
While companies often release security updates to plug issues in their own security systems, sometimes it’s in response to weaknesses elsewhere. On Tuesday, Apple did just that, to deal with attacks that have occurred against users of Google Chrome.
The issue, known as CVE-2025-6558, stems from a lack of validation in the Almost Native Graphics Layer Engine (ANGLE), an open-source graphics abstraction layer that handles GPU commands. It is capable of translating OpenGL ES API calls to Direct3D, OpenGL, Vulkan, and Metal, reports BleepingComputer.
Via the use of a simple webpage, it is possible for an attacker to use the vulnerability to remotely run their own code within the Chrome GPU process. This is thought to be a viable way for attackers to try to escape the browser’s sandbox and potentially attack the operating system running it.

Crucially, the technique has apparently been actively exploited in attacks against Chrome users.
The flaw was discovered by Google’s Threat Analysis Group’s Vlad Stolyarov and Clement Lecigne. It was discovered in June, reported to the Chrome team, and patched on July 15.
While the patches to Chrome should fix the issue, Apple still has a vested interest in protecting its own software that may use the same tools. On Tuesday, Apple released WebKit security updates to do just that.
The security updates are included in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, tvOS 18.6, watchOS 11.6, and visionOS 2.6.
In Apple’s own explanation of the patches, Apple says that “maliciously crafted web content may lead to an unexpected Safari crash.” It goes on to state that it is a “vulnerability in open source code and Apple Software is among the affected projects.”
While the exploit is apparently actively being used by malicious actors, there are a few things end users can do to protect themselves.
For a start, it is good practice to update operating systems to their latest release, to ensure they are up-to-date in terms of security content. This also applies to software that runs on those operating systems, which in this case includes updating Chrome itself.
It is also best that users practice good digital hygiene, such as only trusting links from valid sources. It’s also advised to avoid going to websites that may be crafted to enable such an attack in the first place.
Based in South Wales, Malcolm Owen has written about tech since 2012, previously for Electronista and MacNN. His interests include photography, magic tricks, game development, and annoying his cats.

The article clarifies that Chrome was merely a victim of this issue, and that Safari was affected, as well. Intentionally misleading headline.







