CVE-2025-6558

CVE-2025-6558

Vendor Google

Product Chrome

Weakness CWE-20 · Input validation

KEV Status Known Exploited

Published July 15, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

July 15, 2025 CVE published

February 26, 2026 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6558 CISA KEV Reference https://chromereleases.googleblog.com/2025/07/stable-channel-u… CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2025-6558

Related vulnerabilities

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE