Source: www.techrepublic.com – Author: J.R. Johnivan
A zero-day exploit targeted Google Chrome users has been patched by Apple. Their latest updates target a variety of devices and operating systems.
Apple recently issued a round of system updates to patch a zero-day exploit that was used to target Google Chrome users. The vulnerability, tracked as CVE-2025-6558, was discovered in June by Google’s Threat Analysis Group (TAG), which said it had been actively exploited in the wild.
Which Apple operating systems were patched?
Google Chrome is available on various Apple devices, so patches were released for these operating systems:
- macOS Sequoia 15.6
- iOS 18.6
- iPadOS 18.6
- tvOS 18.6
- iPadOS 17.7.9
- visionOS 2.6
- watchOS 11.6
Some operating systems are used on multiple devices. For example, iPadOS 18.6 is featured in every generation of the iPad Pro 11-inch and 13-inch, but it’s only used in the third generation and later of the iPad Pro 12.9-inch. It’s also used in the iPad Air third generation or later, the iPad Mini fifth generation or later, and the iPad seventh generation or later.
There is a similar vulnerability in Apple’s Safari, though it’s only known to crash the web browser. According to Apple, the exploit has not been used to attack any Safari users.
How hackers used the Chrome exploit
The CVE-2025-6558 bug exploits validation within the ANGLE (Almost Native Graphics Layer Engine), which is used in Chrome’s rendering pipeline. Once compromised, hackers can craft malicious webpages to execute code within the browser’s GPU process, allowing them to circumvent the internal safeguards that are meant to separate web browser processes from OS processes. This can potentially grant the attacker elevated access to the device.
A July 22 blog post by the Office of Information Technology Services with New York State reads, in part: “Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Who is behind the attack?
Google’s TAG has not yet attributed CVE-2025-6558 to any specific attacker or threat group, but the team frequently reports on threats linked to state-sponsored hackers.
On July 15, Google released its own patch for Chrome that covered patched versions 138.0.7204.157/.158 for Windows and macOS and 138.0.7204.157 for Linux.
Protecting Apple and Google users from the latest threats
The latest vulnerability marks the sixth zero-day exploit patched by Apple in 2025 thus far, and it’s possible we’ll see more thai year. As always, Apple recommends downloading and installing the latest updates as soon as they are made available to the public.
The UK is setting bold precedents for how mobile platforms operate — and who controls them. Read our coverage of the Competition and Markets Authority’s latest move against Big Tech.
J.R. Johnivan
J.R. Johnivan is a 17-year veteran whose writing is focused on innovation and technology, including IT, computer networking, security, cloud computing, staffing, human resources, real estate, sports, entertainment, and more.
Original Post URL: https://www.techrepublic.com/article/news-apple-zero-day-chrome-exploit-patch/
Category & Tags: Apple,Google,News,Security – Apple,Google,News,Security
Views: 4
