Google has urgently released a security update for Chrome 138 to fix a critical zero-day vulnerability actively exploited. Known as CVE-2025-6558, this flaw affects Chrome’s ANGLE and GPU components, allowing potential execution of malicious code due to improper validation of untrusted input. Discovered by Google’s Threat Analysis Group, the vulnerability is already being used in attacks before the patch was made available. The update, available for Windows, Mac, and Linux, is crucial for user protection. An Android update will follow shortly. Besides this critical issue, the update addresses other security vulnerabilities, including an integer overflow in V8 and a use-after-free in WebRTC. Google employs advanced detection methods to preemptively identify such vulnerabilities. Users are urged to update their browsers immediately to mitigate risks. The update is automatic, but manual updates can be initiated via Chrome’s settings. Google restricts access to detailed bug information until most users update, preventing further exploitation.
Is a Critical Zero-Day Vulnerability in Chrome Being Exploited?
