Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High Severity Zero-Day Vulnerability in Google Chrome
Alerts

High Severity Zero-Day Vulnerability in Google Chrome

18 July 2025

Google has released security updates to address a zero-day vulnerability in its Chrome browser. Users and administrators are advised to update to the latest versions immediately.

Background

Google has released a security update for the Chrome browser addressing multiple vulnerabilities, including a high severity zero-day vulnerability (CVE-2025-6558).

Impact

Successful exploitation of the vulnerability could allow a remote attacker to potentially execute arbitrary code within the browser's GPU process and perform a sandbox escape via a crafted HTML page.

Known Exploitation

Google is aware that an exploit for this vulnerability exists in the wild.

Affected Products

The vulnerability affects Google Chrome versions prior to 138.0.7204.157.

Note: Other Chromium-based browsers (e.g. Microsoft Edge, Brave, Opera) may also be affected and users are advised to apply the fixes when they are available.

Mitigation

Users of Chrome browsers are advised to upgrade their browser to the latest versions.

Users are also encouraged to enable automatic updates in Chrome browser to ensure that their software is updated promptly.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-6558

https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html

https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome/


Back to top