CVE Alert: CVE-2025-6558 – Google – Chrome

CVE-2025-6558

Unknown | CISA KEV | Exploitation active

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS v3.1: not provided
Vendor: Google
Product: Chrome
Versions: < 138.0.7204.157
CWE: CWE-20, Insufficient validation of untrusted input
Vector: n/a
Published: 2025-07-15T18:12:36.848Z
Updated: 2025-07-30T01:36:09.296Z

AI Summary Analysis

Risk verdict

Priority 1 — actively exploited in the wild (KEV-listed) with network-based remote code execution potential requiring user interaction.

Why this matters

The vulnerability can enable a sandbox escape via a crafted HTML page, giving an attacker code execution in the user’s process. With Chrome broadly deployed, this creates a high likelihood of exploitation across endpoints and could lead to data exposure, credential access, or footholds for further network compromise.

Most likely attack path

Attacker hosts a malicious page or delivers crafted content over the network; the user visits/interacts with it (UI: required). The flaw leverages untrusted input in the ANGLE/GPU stack, enabling sandbox escape with no initial privileges and low attack complexity. Successful exploitation yields full control within the user context and potential lateral movement to other processes or data assets.

Who is most exposed

Endpoints with Chrome installed, especially in organisations using desktop/laptop fleets across Windows, macOS, and Linux, including remote workers and web-centric business units.

Detection ideas

  • Sudden Chrome crashes or unusual GPU/ANGLE process activity following page loads.
  • Crash dumps or process trees showing sandbox escape indicators in the GPU/ANGLE components.
  • Unusual Chrome network activity linked to web content loads from untrusted domains.
  • EDR alerts for unexpected code execution in Chrome-related processes.
  • Anomalous user-initiated navigation to crafted HTML pages or suspicious browser extensions.

Mitigation and prioritisation

  • Patch rollout: update to the fixed Chrome release as a top priority; enable automatic updates across all endpoints.
  • Enable and verify robust sandboxing and GPU sandbox protections; ensure ANGLE/GPU acceleration is enabled with hardened settings.
  • Deploy compensating controls: restrict or sandbox untrusted HTML content, apply strict site isolation where feasible, and harden browser enterprise policies.
  • Detection tuning: enhance monitoring for ANGLE/GPU process anomalies and Chrome crash signatures; deploy targeted EDR rules.
  • Change management: coordinate a rapid, organisation-wide patch window; verify success in a pilot group before broad deployment. While the CVE remains KEV-listed or exploitation remains active, maintain Priority 1 until patched.
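
An added example, not part of the original alert: a fleet check for the patch-rollout and pilot-verification steps above, comparing reported Chrome versions numerically against 138.0.7204.157. The CSV layout, hostnames and sample versions are constructed assumptions.

```python
import csv
import io
import re

# First fixed build, taken from the advisory text ("prior to 138.0.7204.157").
FIXED = (138, 0, 7204, 157)

# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = """host,chrome_version
wks-001,138.0.7204.157
wks-002,138.0.7204.99
wks-003,137.0.7151.120
mac-004,Google Chrome 138.0.7204.168
lnx-005,139.0.7258.66
wks-006,
"""

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, build, patch) as ints, or None if absent."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text, fixed=FIXED):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # no usable version: follow up, do not assume patched
    # Tuple comparison is numeric per component. A plain string comparison
    # would rank "138.0.7204.99" above "138.0.7204.157" and hide that host.
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory_csv, fixed=FIXED):
    """Group hosts from a host,chrome_version CSV by patch status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("chrome_version"), fixed)].append(row["host"])
    return report

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {len(hosts):3}  {', '.join(hosts)}")
```

Feed it the version of the running browser rather than the installed package where the inventory tool distinguishes them, since Chrome applies a downloaded update only after relaunch.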
