Update now! Chrome security vulnerability is being exploited

Google updated its Chrome web browser on Wednesday night. The update also closes a vulnerability that had already been exploited.

Distorted Chrome logo and warning sign against a background of matrix-style symbols

(Image: heise online / dmk)


Once again, Google has to patch security vulnerabilities in its Chrome web browser, one of which is already being exploited by attackers in the wild. Anyone using Chrome should ensure that they are running the latest version of the browser.

In the version announcement, Google writes that the update fixes a total of six vulnerabilities. Google only provides details on three of them, which were apparently reported by external IT security researchers; the developers classify all three as high risk. "Google is aware that an exploit for CVE-2025-6558 exists in the wild," the developers write in their usual terse wording. The last time Google had to patch a Chrome vulnerability that was already being exploited by malicious actors was about two weeks ago.

Google briefly describes the exploited security vulnerability as "Incorrect checking of untrusted input in ANGLE and GPU" (CVE-2025-6558 / EUVD-2025-21546, CVSS 8.8, risk "high"). ANGLE, Google's "Almost Native Graphics Layer Engine," is the default WebGL backend in Chrome (and Firefox); it translates graphics calls into DirectX, OpenGL, or similar abstraction layers. GPU, on the other hand, refers to the browser's hardware-accelerated compositor.


In addition, attackers can exploit an integer overflow in the JavaScript engine V8 (CVE-2025-7656 / EUVD-2025-21547, CVSS 8.8, risk "high") and a use-after-free vulnerability in WebRTC (CVE-2025-7657 / EUVD-2025-21545, CVSS 8.8, risk "high"). Google has not provided any further details, but vulnerabilities of this class can usually be exploited with a manipulated website, for example, to execute injected malicious code.

The patched browser versions are Chrome 138.0.7204.157 for Android, 138.0.7204.156 for iOS, 138.0.7204.157 for Linux, and 138.0.7204.157/.158 for macOS and Windows.

The version dialog box in your web browser tells you which software version is currently active. It can be accessed via the browser menu, which is located behind the icon with three stacked dots to the right of the address bar. From there, go to "Help" – "About Google Chrome."

The Chrome version dialog displays the currently running software version and, if necessary, offers to update and restart the browser.

(Image: heise medien)

On Linux, users usually have to start the software management of the distribution they are using. On smartphones, updates are available in the respective app stores, but sometimes with a delay.
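For anyone who has to check more than one Linux machine, the version dialog does not scale; the following POSIX shell script is an added example (not from the heise article) that compares a Chrome version string field by field against the first patched Linux build named above. The minimum version is taken from the article; the `google-chrome --version` command and the shape of its output at the end are assumptions about a typical Linux install.

```shell
#!/bin/sh
# Added example: decide whether an installed Chrome build is at or above the
# first Linux build that fixes CVE-2025-6558 (version number from the article).
MIN_FIXED_LINUX="138.0.7204.157"

# vercmp A B -> prints -1, 0 or 1 after comparing dotted numeric versions
# field by field (a missing trailing field counts as 0).
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa="${a%%.*}"; fb="${b%%.*}"
        [ -z "$fa" ] && fa=0
        [ -z "$fb" ] && fb=0
        if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
        if [ "$fa" -gt "$fb" ]; then echo 1; return; fi
        # drop the leading field; clear the string once no dot remains
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    echo 0
}

# chrome_is_patched VERSION -> prints "yes" if VERSION >= MIN_FIXED_LINUX, else "no".
chrome_is_patched() {
    r=$(vercmp "$1" "$MIN_FIXED_LINUX")
    if [ "$r" -ge 0 ]; then echo yes; else echo no; fi
}

# Typical use on a Linux host. Assumed: the binary is named google-chrome and
# prints something like "Google Chrome 138.0.7204.157", so the last word is the version.
if command -v google-chrome >/dev/null 2>&1; then
    cur=$(google-chrome --version | awk '{print $NF}')
    echo "installed $cur -> patched: $(chrome_is_patched "$cur")"
fi
```

Adjust MIN_FIXED_LINUX to the per-platform number from the article when reusing the function for macOS or Windows inventories.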

Since other web browsers are also based on the Chromium code, they are likely to be vulnerable as well. Their manufacturers, such as Microsoft for the Edge web browser, are expected to release updates that close the security holes shortly.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.