

Ethical Hacking News

The Looming Shadow of Zero-Day Exploits: Apple Fixes Vulnerability Exploited Against Google Chrome Users


Apple has issued a critical security update to address a high-severity vulnerability exploited in attacks against Google Chrome users, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is an insufficient validation of untrusted input in ANGLE and GPU that could allow a remote attacker to perform a sandbox escape via a crafted HTML page.

  • Apple has issued a critical security update to address a high-severity vulnerability in Google Chrome.
  • A remote attacker could potentially perform a sandbox escape via a crafted HTML page, compromising the security of affected users.
  • The vulnerability (CVE-2025-6558) was first reported on June 23, 2025, and is tracked as an insufficient validation of untrusted input in ANGLE and GPU.
  • The U.S. Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.
  • Apple's TAG team has released security updates for iOS, iPadOS, and macOS to address the vulnerability.



    Apple has issued a critical security update to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. The vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), is an insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157. This means that a remote attacker could potentially perform a sandbox escape via a crafted HTML page, compromising the security of affected users.

    The vulnerability was first reported by Clement Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on June 23, 2025. The duo, who investigate attacks by nation-state actors and commercial spyware vendors, likely identified the issue after observing it being exploited in the wild by a malicious actor. It is believed that one of these threat actors has already begun exploiting this vulnerability to gain unauthorized access to systems.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the severity of the issue and emphasizing the need for affected users to take prompt action. Apple’s TAG team has released security updates to address CVE-2025-6558 in various products, including iOS 18.6 and iPadOS 18.6 for iPhone XS and later models, as well as macOS Sequoia 15.6 for Macs.
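
    As an added example (not part of the original article and not vendor tooling), the following Python script checks an asset inventory against the fixed versions named above. The inventory format, host names and the `status` and `audit` function names are constructed for illustration; Apple release branches for which the article names no fix are reported as unknown rather than guessed.

```python
import csv
import io

# Fixed versions exactly as named in the article for CVE-2025-6558.
FIXED = {
    "chrome": (138, 0, 7204, 157),
    "ios": (18, 6),
    "ipados": (18, 6),
    "macos": (15, 6),
}
APPLE = {"ios", "ipados", "macos"}

# Constructed sample inventory (hypothetical hosts, for illustration only).
SAMPLE_INVENTORY = """\
host,product,version
ws-01,chrome,138.0.7204.157
ws-02,chrome,138.0.7204.100
ph-01,ios,18.5
ph-02,iOS,18.6.1
mac-01,macos,15.6
mac-02,macos,14.7.6
ws-03,chrome,not-reported
"""

def parse_version(text):
    """Turn '138.0.7204.157' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one installed product."""
    key = product.strip().lower()
    if key not in FIXED:
        return "unknown"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"
    fixed = FIXED[key]
    # Assumption: the article names a fix only for the iOS/iPadOS 18 and
    # macOS 15 branches, so older Apple branches are not judged here.
    if key in APPLE and installed[0] < fixed[0]:
        return "unknown"
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 18.6 == 18.6.0
    return "patched" if pad(installed) >= pad(fixed) else "vulnerable"

def audit(csv_text):
    """Map each host in a host,product,version CSV to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: status(r["product"], r["version"]) for r in rows}
```

    Hosts reported as unknown need a manual check against the vendor's advisory before they are treated as safe.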

    ANGLE (Almost Native Graphics Layer Engine) is an open-source graphics engine developed by Google that acts as a compatibility layer between OpenGL ES and other graphics APIs like Direct3D, Vulkan, and Metal. This vulnerability highlights the importance of thoroughly testing and validating code in critical systems like Google Chrome.

    The threat landscape has become increasingly complex, with zero-day exploits posing significant risks to system security. In this case, Apple’s prompt action demonstrates its commitment to protecting users from these types of threats. However, it serves as a stark reminder that vigilance is essential in today's digital environment.

    As the cybersecurity landscape continues to evolve, it is crucial for individuals and organizations alike to remain vigilant and proactive in addressing emerging vulnerabilities. This includes staying informed about the latest security patches and updates, as well as implementing robust security measures to prevent exploitation of known flaws.

    In conclusion, the recent vulnerability in Google Chrome highlights the importance of timely security updates and the need for users to stay informed about emerging threats. As we move forward in this rapidly changing digital landscape, it is essential that we prioritize our collective cybersecurity, working together to build a safer and more secure online environment.




  • Published: Wed Jul 30 13:44:58 2025 by llama3.2 3B Q4_K_M












