Apple fixed a zero-day exploited in attacks against Google Chrome users

Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

Apple released security updates to address a high-severity vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), that has been exploited in zero-day attacks targeting Google Chrome users.

The vulnerability stems from insufficient validation of untrusted input in the ANGLE and GPU components of Google Chrome prior to 138.0.7204.157. It can allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

ANGLE (Almost Native Graphics Layer Engine) is an open-source graphics engine developed by Google that acts as a compatibility layer between OpenGL ES and other graphics APIs like Direct3D, Vulkan, and Metal.

Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group reported the vulnerability on June 23, 2025.

This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.

Google’s TAG team investigates attacks by nation-state actors and commercial spyware vendors. One of these threat actors likely exploited the issue in the wild.

“Google is aware that an exploit for CVE-2025-6558 exists in the wild,” reads the alert published by Google.

“This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party,” reads the advisory published by Apple.

“Processing maliciously crafted web content may lead to an unexpected Safari crash”

Apple released WebKit security updates to address CVE-2025-6558 in the following products:

  • iOS 18.6 and iPadOS 18.6: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • macOS Sequoia 15.6: Macs running macOS Sequoia
  • iPadOS 17.7.9: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
  • visionOS 2.6: Apple Vision Pro
  • watchOS 11.6: Apple Watch Series 6 and later
  • tvOS 18.6: Apple TV HD and Apple TV 4K (all models)
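To check a device inventory against the fixed releases listed above, the following added example (not code from Apple, Google or the original article) compares installed versions per OS branch, so an iPad on 17.7.9 counts as patched while one on 18.5 does not. The inventory format and hostnames are constructed, and treating later major releases as patched is an assumption.

```python
import re
# Fixed releases for CVE-2025-6558 as listed in the article. Apple ships one
# fix per OS branch (iPadOS has two); Chrome has a single cutoff build.
FIXED = {
    "chrome": ["138.0.7204.157"], "ios": ["18.6"], "ipados": ["17.7.9", "18.6"],
    "macos": ["15.6"], "visionos": ["2.6"], "watchos": ["11.6"], "tvos": ["18.6"],
}

def parse(version, width=4):
    """'18.6' -> (18, 6, 0, 0); raises ValueError on anything non-numeric."""
    if not re.fullmatch(r"\d+(\.\d+){0,3}", version):
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def status(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one installed version."""
    product = product.lower()
    if product not in FIXED:
        return "unknown"                    # product not covered by the article
    try:
        have = parse(version)
    except ValueError:
        return "unknown"
    fixed = sorted(parse(f) for f in FIXED[product])
    branch = [f for f in fixed if f[0] == have[0]]
    if branch:                              # compare within the same major branch
        return "patched" if have >= branch[0] else "vulnerable"
    if have[0] > fixed[-1][0]:
        return "patched"                    # assumption: later majors carry the fix
    if product == "chrome":
        return "vulnerable"                 # article: all builds before the cutoff
    return "unknown"                        # older Apple branch: no fix listed

def audit(inventory_text):
    """Parse 'host product version' lines; return rows that are not patched."""
    rows = (line.split() for line in inventory_text.strip().splitlines())
    return [(h, p, v, status(p, v)) for h, p, v in rows if status(p, v) != "patched"]

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = """
mac-01   macos   15.5
ipad-07  ipados  17.7.8
ipad-09  ipados  17.7.9
ipad-11  ipados  18.5
phone-03 ios     16.7.11
wks-21   chrome  137.0.7151.120
wks-22   chrome  138.0.7204.157
"""
```

Calling `audit(SAMPLE)` returns the five hosts that still need attention; rows marked `unknown` are on branches for which the article lists no fixed release and need a manual check against the vendor advisory.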

Pierluigi Paganini

(SecurityAffairs – hacking, Google Chrome)
