Chrome Patches Actively Exploited Sandbox Escape Vulnerability
 
Google has released patches for six security vulnerabilities in its Chrome browser, including a critical sandbox escape flaw that has already been exploited in the wild.
The vulnerability, tracked as CVE-2025-6558 and assigned a CVSS score of 8.8, was discovered by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG). It arises from insufficient validation of untrusted input in Chrome’s ANGLE and GPU components.
“Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157 could potentially allow a remote attacker to escape the sandbox via a specially crafted HTML page,” according to the vulnerability description published in NIST’s National Vulnerability Database (NVD).
What Is ANGLE and Why It Matters
ANGLE (Almost Native Graphics Layer Engine) is an open-source graphics translation layer that sits between Chrome’s rendering engine and the user’s graphics hardware. It converts OpenGL ES API calls into platform-specific instructions such as Direct3D, Vulkan, Metal, or native OpenGL.
Because ANGLE handles untrusted GPU instructions from websites—for example, via WebGL—any flaws in the component can lead to severe security issues. If exploited, these flaws can allow attackers to execute low-level GPU operations that circumvent the browser's sandbox, a key defense mechanism designed to isolate web content from the rest of the system.
In practical terms, visiting a malicious website could allow an attacker to escape Chrome’s sandbox and interact with the underlying operating system—a serious escalation of privileges.
Zero-Day Alert and Limited Disclosure
Google has confirmed that CVE-2025-6558 is being actively exploited, though it has not shared specific details about the attacks or the identity of the threat actors involved.
However, the fact that the vulnerability was discovered by TAG is significant. Google’s Threat Analysis Group specializes in tracking government-backed hacking, advanced persistent threats (APTs), and zero-day spyware campaigns targeting high-risk individuals such as journalists, activists, and politicians.
This context suggests the exploit may have been used in targeted attacks, possibly by state-sponsored actors or groups conducting cyberespionage.
Immediate Action Recommended
Given the severity of the flaw and its active exploitation, Chrome users are strongly urged to update to version 138.0.7204.157 or .158, depending on their operating system.
In addition to CVE-2025-6558, Google also addressed several other high-impact vulnerabilities, including:
- CVE-2025-7656 – A high-severity bug in the V8 JavaScript engine
- CVE-2025-7657 – A use-after-free vulnerability in WebRTC
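To act on the update advice across more than one machine, the fixed version has to be compared component by component, not as text. The following is an added example, not part of the original article: it assumes a constructed inventory of host names and reported Chrome version strings, and the helper names `parse_version` and `audit` are hypothetical.

```python
import re

# Fixed release named in the article; builds below it are exposed to CVE-2025-6558.
PATCHED = (138, 0, 7204, 157)

# Exactly four dot-separated numeric components, not part of a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Classify each (host, version string) pair as patched, vulnerable or unknown."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            report["unknown"].append(host)   # unparseable: needs manual follow-up
        elif version >= PATCHED:             # tuple compare is numeric per component
            report["patched"].append(host)
        else:
            report["vulnerable"].append(host)
    return report


# Constructed inventory for illustration; host names and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 138.0.7204.157"),
    ("ws-002", "Google Chrome 138.0.7204.158"),
    ("ws-003", "Google Chrome 138.0.7204.96"),   # a text compare would rank "96" above "157"
    ("ws-004", "Google Chrome 137.0.7151.120"),
    ("ws-005", "Google Chrome 139.0.7258.5"),
    ("ws-006", "version lookup failed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` should be treated as unpatched until their version is confirmed.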
Key Takeaways
- CVE-2025-6558 is a sandbox escape vulnerability actively exploited in real-world attacks.
- It affects ANGLE, a graphics component critical to Chrome’s rendering architecture.
- The flaw enables attackers to break out of the browser sandbox and potentially execute code on the host OS.
- The vulnerability was discovered by Google TAG, a team often linked to investigations into APT activity.
- Update Chrome immediately to versions 138.0.7204.157 or .158 to stay protected.
 
            