Chrome Users Urged to Update Immediately: Assaults in Progress
In a swift response to the discovery of a new zero-day vulnerability, Google has released an update for its Chrome browser on Windows, Mac, and Linux platforms. The update, version 138.0.7204.157/.158, addresses a high-severity flaw that has been actively exploited in the wild[1][2][3][4].
The vulnerability, identified as CVE-2025-6558, involves incorrect validation of untrusted input in the ANGLE and GPU components. This flaw can potentially allow remote attackers to escape the Chrome sandbox, potentially granting them deeper system access[1][2][3][4].
Forbes reports that 250 Million Microsoft Windows PCs are now vulnerable to attack due to the unpatched zero-day vulnerability in Chrome[6]. In response, the U.S. government's cyber defense agency (CISA) has warned federal employees to update or stop using Chrome by July 23[7].
The latest update was released on July 15, 2025, with version 138.0.7204.157 for Linux and 138.0.7204.157/.158 for Windows and Mac. The update is being rolled out gradually over the coming days and weeks, so users may receive it automatically depending on their update schedule. However, to ensure protection, users are advised to manually check for updates and install this latest version as soon as possible[2][3][5].
Google has demonstrated a quick response to new flaws being discovered, having previously rolled out updates promptly to address security concerns[8]. Attackers are aware that the clock is ticking, making this a time of increased risk for users[9].
To update Chrome, users can either use the built-in updater or manually download the update from the official Google Chrome website. It is also recommended to restart the browser as soon as it downloads the update[2][3][5].
In summary, users should promptly update their browser to versions 138.0.7204.157 (Linux) or 138.0.7204.157/.158 (Windows, Mac) to mitigate the risk from this critical vulnerability[1][2][3][5].
| Action | Details | |------------------------------|--------------------------------------------------------| | Vulnerability | CVE-2025-6558, zero-day actively exploited | | Affected Versions | Chrome versions prior to 138.0.7204.157/.158 | | Fixed Versions | 138.0.7204.157 (Linux), 138.0.7204.157/.158 (Windows, Mac) | | Release Date of Update | July 15, 2025 | | Rollout | Gradual rollout over days/weeks after release | | User Guidance | Update immediately via Chrome's built-in updater or manual download |
[1] https://www.zdnet.com/article/google-chromes-zero-day-vulnerability-under-active-attack/ [2] https://www.forbes.com/sites/leemathews/2025/07/15/google-chrome-zero-day-vulnerability-affects-250-million-microsoft-windows-pcs/?sh=5293a68c71f2 [3] https://www.cnet.com/how-to/how-to-update-google-chrome-on-your-windows-mac-or-linux-pc/ [4] https://www.techradar.com/news/google-chromes-zero-day-vulnerability-is-actively-being-exploited-in-the-wild [5] https://www.cisa.gov/uscert/ncas/alerts/aa25-264a [6] https://www.forbes.com/sites/leemathews/2025/07/15/google-chrome-zero-day-vulnerability-affects-250-million-microsoft-windows-pcs/?sh=5293a68c71f2 [7] https://www.cisa.gov/uscert/ncas/alerts/aa25-264a [8] https://www.techradar.com/news/google-chromes-zero-day-vulnerability-is-actively-being-exploited-in-the-wild [9] https://www.cnet.com/tech/security/google-chrome-zero-day-vulnerability-under-active-attack/
In the world of technology and cybersecurity, a new zero-day vulnerability has been discovered in Google Chrome, affecting Windows, Mac, and Linux platforms [general-news, crime-and-justice]. This vulnerability, identified as CVE-2025-6558, has been actively exploited, allowing remote attackers to potentially escape the Chrome sandbox and gain deeper system access [technology, cybersecurity]. To mitigate this critical risk, Google has released an update, version 138.0.7204.157/.158, and users are advised to update their Chrome browsers promptly, following a warning from the U.S. government's cyber defense agency (CISA) [general-news, crime-and-justice]. On the other hand, the discovered zero-day vulnerability has made 250 Million Microsoft Windows PCs vulnerable to attack [general-news, crime-and-justice]. It's crucial for users to be vigilant and follow the guidance provided by Google and CISA, as attackers are aware that the clock is ticking, making this a time of increased risk.
