Chrome fixes 6 security vulnerabilities. Get the update now!

Google has released an update for its Chrome browser to patch six security vulnerabilities, including one zero-day.

This update is crucial since it addresses one actively exploited vulnerability which can be abused when the user visits a malicious website. It doesn’t require any further user interaction, which means the user doesn’t need to click on anything in order for their system to be compromised.

The update brings the version number to 138.0.7204.157/.158 for Windows, Mac and 138.0.7204.157 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click the more menu (three stacked dots), then choose Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is reload Chrome in order for the update to complete, and for you to be safe from the vulnerabilities.

You can find more elaborate update instructions and the version number information in our article on how to update Chrome on every operating system.

Technical details on the zero-day vulnerability

Attackers can exploit the vulnerability tracked as CVE-2025-6558 by taking advantage of insufficient validation of untrusted input in Chrome’s ANGLE and GPU components. This flaw, which affects versions of Google Chrome prior to 138.0.7204.157, enables an attacker to craft a malicious HTML page and, upon convincing a user to open it, escape the browser’s security sandbox

ANGLE (Almost Native Graphics Layer Engine) is open-source software developed by Google that acts as a translator for graphics commands in browsers like Chrome. It helps your browser display complex graphics, such as 3D games or interactive web apps, and works on a wide range of computers and devices, even if they use different underlying graphics systems.

As an everyday user you may never see or even notice ANGLE directly, but it powers a huge part of the web experience. Especially 3D content in Chrome, Edge, and Firefox on Windows, Mac, and even Android.

Its universal role means that when a security issue is found in ANGLE, everybody using Chrome (and Chromium browsers) is potentially at risk.

An attacker only needs to present a target with an especially crafted HTML file, meaning they just need to lure them to a malicious website. HTML is just the code that makes up a web page.

The sandbox escape means that successful exploitation of the vulnerability not only affects the—sandboxed—browser, but can compromise the victim’s device.

Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on June 23, 2025. The TAG group focuses on spyware and nation-state attackers who abuse zero days for espionage purposes.

We don’t just report on browser vulnerabilities, Malwarebytes’ Browser Guard protects your browser against malicious websites and credit card skimmers, blocks unwanted ads, and warns you about relevant data breaches and scams.