Google chrome

Security Advisory

Google Addresses Actively Exploited Zero-Day Vulnerability CVE-2025-6558 in Chrome 

Google has issued a critical emergency update for the Chrome browser to address CVE-2025-6558, a zero-day vulnerability that is actively being exploited in the wild. This high-severity flaw exists in Chrome’s ANGLE and GPU components, which are responsible for rendering graphics in the browser.

Summary 

OEM Google 
Severity High 
CVSS Score 8.8 
CVEs CVE-2025-6558 
POC Available No 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

Exploitation of this vulnerability could allow attackers to execute malicious code or gain unauthorized access to user systems. The update is being rolled out for Windows, macOS and Linux platforms. 

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Improper Input Validation in ANGLE/GPU Stack vulnerability  CVE-2025-6558 Google Chrome  High (Zero-day)  138.0.7204.157/.158 (Windows/macOS), 138.0.7204.157 (Linux) 

Technical Summary 

CVE-2025-6558 is a high-severity vulnerability caused by improper validation of untrusted input in Chrome’s ANGLE (Almost Native Graphics Layer Engine) and GPU components. These components translate graphics instructions and interact closely with the system’s native APIs.

The flaw was discovered by Google’s Threat Analysis Group (TAG) and is being actively exploited in real-world attacks. If left unpatched, it could enable attackers to compromise the browser rendering process and potentially execute arbitrary code on the user’s device. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-6558 Chrome on Windows, macOS, Linux Untrusted input is incorrectly validated, allowing malicious manipulation of graphics rendering Remote code execution through active exploitation 

Additional Vulnerabilities Patched in This Update 

In addition to the zero-day CVE-2025-6558, Google also addressed two other high-severity vulnerabilities as part of this update: 

  • CVE-2025-7656 – An integer overflow vulnerability in Chrome’s V8 JavaScript engine, which could be exploited to corrupt memory and potentially achieve remote code execution. This flaw was reported by security researcher Shaheen Fazim.  
  • CVE-2025-7657 – A use-after-free vulnerability in the WebRTC (Web Real-Time Communication) component. Improper memory handling in real-time communication features could allow attackers to crash the browser or execute arbitrary code remotely. This issue was reported by researcher jakebiles. 

Remediation

  • Users should immediately update Google Chrome to the latest patched version: 
  • Windows & Mac: 138.0.7204.157/.158 
  • Linux: 138.0.7204.157 

Conclusion: 
CVE-2025-6558 highlights the growing complexity of securing browser components such as ANGLE and GPU. With confirmed active exploitation, users and administrators must prioritize this update to prevent potential remote code execution attacks.

Timely patching remains one of the most effective defenses against modern browser-based threats. 

References

Security Advisory

Grafana Rolls out Updates on Critical Chromium Vulnerabilities; CVE-2025-6554 a Zero day Vulnerability

Summary : Grafana has issued urgent patches to address multiple high-severity vulnerabilities stemming from underlying flaws in the Chromium V8 JavaScript engine.

OEM Google 
Severity High 
CVSS Score 8.1 
CVEs CVE-2025-6554, CVE-2025-5959, CVE-2025-6191 CVE-2025-6192 
POC Available No 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

The most critical of these, CVE-2025-6554, is a zero-day vulnerability that was actively exploited in the wild. Several of these bugs, if unpatched, could allow attackers to execute arbitrary code, perform memory corruption or bypass sandbox protections via malicious HTML content.

Grafana users running affected versions of Image Renderer and Synthetic Monitoring Agent are strongly advised to update immediately. 

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Type Confusion in V8 Engine vulnerability  CVE-2025-6554 Google Chrome  High  138.0.7204.96/.97 (Windows)  
138.0.7204.92/.93 (Mac)  
138.0.7204.96 (Linux) 
Type Confusion in V8 Engine vulnerability CVE-2025-5959 Google Chrome High 137.0.7151.103/.104 (Windows & Mac) 137.0.7151.103 (Linux) 
Integer overflow in V8 Engine vulnerability CVE-2025-6191 Google- Chrome High 137.0.7151.119/.120 (Windows & Mac) 137.0.7151.119 (Linux) 
Use-after-free in Metrics (Profiler) in Google Chrome CVE-2025-6192 Google- Chrome High 137.0.7151.119/.120 (Windows & Mac) 137.0.7151.119 (Linux) 

Technical Summary 

Grafana has patched four high-severity Chromium V8 vulnerabilities in its Image Renderer and Synthetic Monitoring Agent. The most critical, CVE-2025-6554 is a zero-day type confusion bug that was actively exploited. Other flaws include CVE-2025-5959 (remote code execution), CVE-2025-6191 (integer overflow) and CVE-2025-6192 (use-after-free).

Affected versions are Image Renderer < 3.12.9 and Synthetic Monitoring Agent < 0.38.3. Users should update immediately to stay protected. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-6554 Chrome on Windows, macOS, Linux Type confusion in the V8 JavaScript engine allows improper memory handling, leading to code execution  Remote code execution.  Potential system compromise.  
CVE-2025-5959 Chrome on Windows, macOS, Linux Type Confusion in V8 in Google Chrome prior to allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Remote code execution.  Potential system compromise. 
CVE-2025-6191 Chrome on Windows, macOS, Linux Integer overflows in V8 in Google Chrome prior to allowing a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Arbitrary code execution. Memory Corruption. 
CVE-2025-6192 Chrome on Windows, macOS, Linux Use after free in Metrics in Google Chrome prior to allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Arbitrary code execution.  

Remediation

  • Users should immediately update Google Chrome to the latest patched version: 
  • Windows: 138.0.7204.96/.97, 137.0.7151.103/.104, 137.0.7151.119/.120 
  • macOS: 138.0.7204.92/.93, 137.0.7151.103/.104, 137.0.7151.119/.120 
  • Linux: 138.0.7204.96, 137.0.7151.103, 137.0.7151.119 

Other Chromium-based browsers (Edge, Brave, Opera etc.) should also be updated as patches become available from their respective vendors. 

Conclusion: 
The criticality of CVE-2025-6554, CVE-2025-5959, CVE-2025-6191, CVE-2025-6192 in the wild highlights the urgency of applying the latest Chrome security update.

Type confusion vulnerabilities like this can lead to full system compromise and are highly sought-after by cybercriminals. Users and organizations should take immediate action to mitigate potential risks. 

References

Security Advisory

Google Chrome Zero-Day CVE-2025-2783 Exploited in APT Group TaxOff Campaigns 

Summary 

A newly-patched zero-day vulnerability in Google Chrome CVE-2025-2783 which was exploited in the wild by a threat actor TaxOff, leading to the deployment of Trinper which an advanced backdoor.

The CVE-2025-2783 exploited a sandbox escape vulnerability within Google Chrome’s Mojo IPC (Inter-Process Communication) framework, which allowed attackers to bypass the browser’s security sandbox and lead to RCE. 

TaxOff Threat Actor 

TaxOff is a highly sophisticated Advanced Persistent Threat (APT) group primarily targeting government organizations which is known for its use of advanced social engineering tactics, often involving phishing campaigns that exploit themed around financial reporting and regulatory compliance. 

The CVE-2025-2783 vulnerability was first detected in March 2025 after Kaspersky reported real-world exploitation.

TaxOff used a phishing-based delivery method, which involved embedding a malicious link in emails masquerading as invitations to legitimate events like the Primakov Readings forum.

Once the link was clicked, the CVE-2025-2783 exploit was triggered, leading to the deployment of the Trinper backdoor. It was a one-click compromise that delivered a highly tailored payload with surgical precision. 

Trinper Backdoor 

This is a multi-threaded C++ backdoor that collected host data, logged keystrokes, exfiltrated targeted documents like document, excel or pdf files and maintained remote access.

But this wasn’t just a “plug-and-play” backdoor. Trinper’s loader employed five layers of encryption, utilizing ChaCha20, modified BLAKE2b hashes, and even machine-specific environmental checks. It was decrypted only on intended systems, using unique hardware identifiers like firmware UUIDs and PEB structures. 

Source: global.ptsecurity.com 

Interestingly, researchers found that Team46, a different APT group shares many similarities with TaxOff in terms of TTPs. This overlap raises the possibility that TaxOff and Team46 are the same group operating under different aliases.

Both groups have used PowerShell-based loaders and Cobalt Strike as their primary exploitation vectors. 

This flaw allows threat actors to:

  • Execute arbitrary code
  • Bypass Chrome’s built-in security sandbox
  • Potentially gain remote control over the system

Recommendation 

The rapid exploitation of CVE-2025-2783 highlights the critical importance of timely patch management. Google released a fix for this vulnerability in March 2025, and all users are strongly advised to update their Chrome browsers to the latest version immediately. 

In addition to patching, organizations should implement the following defensive measures 

  • Enhance email filtering systems and provide regular phishing awareness training for employees. 
  • Continuously monitor systems for unusual or suspicious behavior related to script execution or network anomalies. 
  • Restrict the execution of unsigned or obfuscated scripts and macros, particularly in email attachments or downloaded files, using tools like AppLocker or Microsoft Defender ASR. 

References

Security Advisory

Google Chrome Patches Actively Exploited Zero-Day Vulnerability 

Summary : Security Advisory

Google has released a critical out-of-band security update for its Chrome browser to address CVE-2025-5419.

Rated as high-severity zero-day vulnerability in the V8 JavaScript engine that is currently being actively exploited in the wild.

OEM Google 
Severity HIGH 
CVSS Score 8.8 
CVEs CVE-2025-5419 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

This vulnerability allows attackers to execute arbitrary code on users’ systems through specially crafted web content, making it a serious threat requiring immediate attention. 

In addition to the zero-day fix, this update also includes a patch for CVE-2025-5068, a medium severity use-after-free vulnerability in Blink, chrome’s rendering engine.

While less critical, such flaws can still result in memory corruption and possible code execution. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Out-of-bounds memory access vulnerability  CVE-2025-5419 Google Chrome  High  137.0.7151.68/.69 (Win/Mac), 137.0.7151.68 (Linux) 

Technical Summary 

This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, reported one week ago by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group.

This flaw affects the V8 JavaScript engine and allows attackers to execute arbitrary code via crafted web content.

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-5419  Chrome (all platforms) Out-of-bounds read and write in the V8 JavaScript engine; triggered via malicious HTML   Arbitrary code execution, memory compromise, remote attack 

Remediation

Apply Patches Promptly: Upgrade to Chrome version 137.0.7151.68/.69 or later for Windows and macOS, and 137.0.7151.68 or later for Linux to mitigate the vulnerabilities. 

General Recommendation: 

  • Prioritize Zero-Day Fixes: Treat this patch as high priority due to confirmed in-the-wild exploitation. Immediate action is critical to prevent potential system compromise. 
  • Update Chromium-Based Browsers: Ensure Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are updated as soon as vendor-specific patches are released. 
  • Automate Browser Updates: Enable automatic updates in Chrome and Chromium environments to maintain timely patching against emerging threats. 
  • Enterprise Patch Rollout: Administrators should fast-track deployment of the fixed version across all endpoints, particularly in high-risk or externally exposed environments. 
  • Monitor for Threat Activity: Continuously monitor browser and network activity for signs of exploitation attempts targeting vulnerable versions. 

Conclusion: 
CVE-2025-5419 poses a significant security risk with confirmed active exploitation in the wild.

Google’s swift action highlights the urgency of this threat. All users are strongly advised to update their Chrome browsers immediately. Delaying this update could expose systems to compromise through malicious web content exploiting this zero-day vulnerability. 

While Chrome will automatically update when new security patches are available, users can speed up the process by going to the Chrome menu > Help > About Google Chrome, letting the update finish, and clicking the ‘Relaunch’ button to install it immediately.

References

Security Advisory

Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk 

Summary : A zero-day vulnerability (CVE-2025-4664) in Google Chrome’s Loader component has been actively exploited in the wild.

OEM Google 
Severity Medium 
CVSS Score 4.3 
CVEs CVE-2025-4664 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

This flaw allows attackers to bypass security policies, leak cross-origin data, and potentially execute unauthorized code. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate patching. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Insufficient Policy Enforcement vulnerability  CVE-2025-4664 Google Chrome  Medium  136.0.7103.113/.114 (Win/Mac),  136.0.7103.113 (Linux) 

Technical Summary 

CVE-2025-4664 is a zero-day vulnerability found in the Chrome Loader component due to insufficient policy enforcement.

It enables remote attackers to bypass browser security controls using crafted HTML content, possibly leaking cross-origin data or achieving sandbox escape. The bug has been actively exploited in the wild.

A second high-severity flaw, CVE-2025-4609, was also addressed in this update, involving an incorrect handle in the Mojo IPC layer, which can lead to memory corruption or privilege escalation. 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-4664  Chrome (Windows, Mac, Linux) Insufficient policy enforcement in Loader enables cross-origin data leaks via crafted HTML.  Data leakage, sandbox escape, potential code execution 

Remediation

  • Update Chrome: Google has released security updates to address these vulnerabilities. Users and administrators must apply the latest Chrome versions: 
  • Windows/macOS: Chrome 136.0.7103.113 /136.0.7103.114 or later 
  • Linux: Chrome 136.0.7103.113 or later 

Conclusion: 
The active exploitation of CVE-2025-4664 highlights the urgent need for rapid security response and patch management. With acknowledgment from CISA and public disclosure by @slonser_, this zero-day poses a real and present threat to users of Chrome and other Chromium-based browsers.

Organizations should take immediate action to patch affected systems and monitor for signs of compromise.

Regular browser updates and proactive vulnerability management are essential to mitigating such critical security risks. 

References

Security Advisory

Critical Chrome Vulnerability (CVE-2025-2783) Exploited in Cyber-Espionage Campaign

OEMGoogle Chrome
SeverityHigh
CVSS8.3
CVEsCVE-2025-2783
Exploited in WildYes
Patch/Remediation AvailableYes
Advisory Version1.0

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding the critical zero-day vulnerability, CVE-2025-2783, in Google Chrome and other Chromium-based browsers on Windows. This vulnerability is actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, urged immediate patching to prevent security breaches and unauthorized system access.

Vulnerability NameCVE IDProduct AffectedSeverityFixed Version
  Google Chromium Mojo Sandbox Escape Vulnerability  CVE-2025-2783  Google Chrome  High  134.0.6998.117/.118

Technical Summary

This high-severity vulnerability found in the Mojo framework of Chromium-based browsers including Google Chrome, Microsoft Edge, and Opera, Brave etc. The vulnerability originates from a logic error that results in an incorrect handle being provided under certain conditions. This flaw allows attackers to bypass Chrome’s sandbox protections and potentially execute arbitrary code on the affected system.

Security researchers from Kaspersky discovered this zero-day vulnerability as part of an advanced cyber-espionage campaign dubbed “Operation ForumTroll.” The attack campaign targeted media outlets, educational institutions, and government organizations in Russia through highly personalized phishing emails.

The exploit chain is particularly dangerous because it requires minimal user interaction. Victims only need to click on a malicious link in a phishing email, after which the attack executes automatically without any additional action from the user. Once triggered, the exploit allows attackers to escape Chrome’s sandbox environment, leading to remote code execution and possible system compromise.

CVE IDSystem AffectedVulnerability DetailsImpact
    CVE-2025-2783    Google Chrome (Windows)    Incorrect handle provided in Mojo, allowing sandbox escape  Remote code execution, System Compromise

Remediation:

  • Google Chrome Patch Released: Google has released security updates in Chrome versions 134.0.6998.177/.178 to address this vulnerability. Users should update immediately.

General Recommendations:

  • Enable Automatic Updates: Ensure automatic updates are enabled in Google Chrome and other Chromium-based browsers to receive future security patches promptly.
  • Phishing Awareness Training: Organizations should educate employees on identifying and avoiding phishing emails to prevent exploitation.
  • Endpoint Security Measures: Deploy endpoint detection and response (EDR) solutions to monitor and mitigate potential threats.
  • CISA Compliance for Federal Agencies: Federal agencies must adhere to CISA’s Binding Operational Directive (BOD) 22-01 to address known exploited vulnerabilities promptly.

Conclusion:

The exploitation of CVE-2025-2783 demonstrates the ongoing threat posed by sophisticated cyber-espionage activities.  Google has responded swiftly with a patch, and users are strongly advised to update their browsers immediately. Organizations should remain vigilant against phishing attempts and enhance their cybersecurity posture to mitigate similar threats in the future.

References:

News Security Advisory

Analysis of WezRat Malware; Check point Findings

New CheckPoint research discovered a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands.

Continue Reading
Scroll to top