Google has released a critical security update for its Chrome browser, addressing six vulnerabilities, including one high-severity flaw that has been actively exploited in the wild.
The most serious issue, tracked as CVE-2025-6558, affects Chrome versions prior to 138.0.7204.157. The flaw stems from insufficient validation of untrusted input in ANGLE and GPU, components responsible for translating graphics commands for the browser’s rendering processes. Specifically, ANGLE (Almost Native Graphics Layer Engine) is a graphics abstraction layer that helps Chrome run WebGL content across different platforms.
While technical details of the exploit have not yet been disclosed, Google confirmed that the vulnerability has been observed in active attacks. Users are strongly advised to update Chrome immediately to the latest version to mitigate potential threats. The company did not provide any additional information on threat actors or the nature of attacks exploiting this flaw.
