bleepingcomputer[.]com/news/security/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome/
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection.The vulnerability is identified as CVE-2025-6558 and received a high-severity rating of 8.8. It was discovered by researchers at Google’s Threat Analysis Group (TAG) on June 23.
The vulnerability allows a remote attacker using a specially crafted HTML page to execute arbitrary code within the browser’s GPU process. Google has not provided the technical details on how triggering the issue could lead to escaping the browser's sandbox.“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” states Google in the security bulletin.