Patch Your Browser, Save Your Bacon – Google’s Latest Zero‑Day Fix
Google has rushed out Chrome version 138.0.7204.157/158 to patch six flaws, headlined by CVE‑2025‑6558 (CVSS 8.8). The bug lives in ANGLE/GPU code and lets a malicious web page break out of Chrome’s sandbox—a handy stepping‑stone to full system compromise. Google’s Threat Analysis Group spotted the exploit being used in real‑world attacks (details withheld, but likely nation‑state). Five other CVEs—none yet exploited—were also fixed. Users on Windows, macOS, Linux (and all Chromium‑based browsers) should update immediately via Menu ▸ Help ▸ About Chrome.
Google has lobbed another patch at Chrome, and this one’s hotter than a July heatwave. A nasty vulnerability—CVE‑2025‑6558—lets a dodgy website hop the browser’s sandbox fence, rummage around your PC and generally make a nuisance of itself.
What’s the fuss?
• Where: Chrome’s ANGLE/GPU engine (the bit that talks to your graphics card).
• Severity: 8.8/10—so, not exactly mild.
• Status: Already exploited in the wild, according to Google’s Threat Analysis Group. Nation‑state skulduggery? The company’s lips are sealed.
Other fixes in the bundle
Google’s update tackles five more gremlins, from memory bugs to logic errors. None are known to be exploited yet, but give attackers time and they’ll oblige.
How to stay safe
1. Click the three dots (top right) ▸ Help ▸ About Google Chrome.
2. Let it chunter up to 138.0.7204.157 (Windows/macOS) or .158.
3. Smash the Relaunch button and bask in the glow of patched security.
Using Edge, Brave or Vivaldi?
They share Chrome’s innards, so keep an eye out for their respective updates too.
Bottom line: update now, grumble later. Your future self will thank you.