Google fixes actively exploited sandbox escape zero day in Chrome

Google fixes actively exploited sandbox escape zero day in Chrome Bill Toulas July 16, 2025 05:47 AM 0 Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection. The vulnerability is identified asCVE-2025-6558and received a high-severity rating of 8.8. It was discovered by researchers at Google’s Threat Analysis Group (TAG) on June 23. The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially crafted HTML page. ANGLE (Almost Native Graphics Layer Engine) is an open-source graphics abstraction layer used by Chrome to translate OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL. Because ANGLE processes GPU commands from untrusted sources like websites using WebGL, bugs in this...