- 156/2025
- High
Google has released an updated Chrome version 138.0.7204.157/.158 forn Windows, Mac, and 138.0.7204.157 for Linux.
The addressed vulnerabilities could allow the remote attacker to bypass security restrictions via a crafted HTML page, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website.
Sample of the addressed vulnerabilities:
1. Google Chrome Code Execution Vulnerability (CVE-2025-6558):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
2. Google Chrome Code Execution Vulnerability (CVE-2025-7657):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
It should be highlighted that Google is aware that the zero-day vulnerability “CVE- 2025-6558″ is being exploited in the wild.
Vulnerabilities
- CVE-2025-7656
- CVE-2025-7657
- CVE-2025-6558
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.