CVE Watchtower


← Back to CVE List

CVE-2025-6558NVD

Vulnerability Summary

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity Level
HIGH(8.8)
Published Date
Jul 15, 2025
Last Modified
Jul 23, 2025
Exploitation Status
ACTIVE
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh