CVE-2025-6558

CVSS 8.8 HIGH · EPSS 9.5% · KEV · CWE-20
Vexday Risk Score: 71 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 9.5% · KEV: yes · Public PoC · Nuclei · Metasploit · Patch
Lifecycle
15 Jul 2025: Published on NVD
22 Jul 2025: Active exploitation (CISA KEV)
22 Jul 2025: Public PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Google Chrome had a flaw where it didn't properly check data from websites, allowing an attacker to create a malicious webpage that could break out of Chrome's security sandbox. This is serious because it could let attackers access files and programs on your computer.

Technical detail

Insufficient input validation in ANGLE and GPU processing allowed remote code execution with sandbox escape via crafted HTML. The attack requires user interaction (visiting a malicious webpage); successful exploitation bypasses Chrome's sandbox isolation, potentially granting an attacker access to system resources beyond the browser process.

Summary generated and translated by AI from the official description.
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome