You are currently viewing Joint Threat to Safari and Chrome Users – Patch CVE-2025-6558 Now

Joint Threat to Safari and Chrome Users – Patch CVE-2025-6558 Now

  • Post author:
  • Reading time:3 mins read

Apple has rolled out critical security updates across its platforms to address a high-severity vulnerability in the WebKit engine. This flaw, tracked as CVE-2025-6558, was exploited as a zero-day in Google Chrome and could potentially impact Safari and other Apple applications relying on WebKit. The coordinated action by Apple and Google highlights shared risks across modern browsers and the urgency of timely patching.

Vulnerability Details

CVE-2025-6558 is a high-severity vulnerability (CVSS 3.x score: 8.8) that stems from incorrect validation of untrusted input in ANGLE (Almost Native Graphics Layer Engine), a graphics abstraction layer used by both Google Chrome and Apple’s WebKit. This flaw allows remote attackers to execute arbitrary code within the browser’s GPU process by tricking users into loading specially crafted HTML pages. Once exploited, the vulnerability can potentially be used to escape the browser sandbox and run malicious payloads on the underlying operating system. The vulnerability is actively exploited in the wild, particularly targeting Google Chrome.

Affected Products

The vulnerability affects the WebKit browser engine used in Safari and other Apple products, as well as Google Chrome. Apple has addressed this issue in the following software versions:

  • iOS 18.6 and iPadOS 18.6: For iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen and later), iPad Pro 11-inch (1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later).
  • iPadOS 17.7.9: For iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, and iPad (6th gen).
  • macOS Sequoia 15.6
  • macOS Sonoma 14.7.7
  • macOS Ventura 13.7.7
  • tvOS 18.6: For Apple TV HD and Apple TV 4K (all models).
  • watchOS 11.6: For Apple Watch Series 6 and later.
  • visionOS 2.6: For Apple Vision Pro.

TTP Information

Attackers are actively exploiting this vulnerability in zero-day attacks. The tactics and techniques observed include:

TA0002 – Execution: Exploiting the vulnerability to execute arbitrary code within the browser’s GPU process.

T1203 – Exploitation for Client Execution: Using crafted HTML pages to trigger the vulnerability and execute code on the client’s machine.

TA0004 – Privilege Escalation: Gaining elevated privileges by escaping the browser’s sandbox environment.

T1068 – Exploitation for Privilege Escalation: Exploiting the vulnerability to gain higher-level permissions on the system.

Mitigation Recommendations

To prevent exploitation, users are strongly urged to install the latest security updates immediately. Apple has released patches across all affected platforms and offers detailed instructions for updating. Critical security patches are also delivered via automatic background updates to ensure faster protection.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-6558 to its Known Exploited Vulnerabilities (KEV) catalog. CISA has mandated that all federal agencies apply the patches immediately and also recommends that all organizations—public and private—treat this vulnerability as a high priority and patch as soon as possible.

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.