Apple WebKit Zero-Day Under Active Exploitation (CVE-2025-6558)

What’s Happening

A critical zero-day vulnerability, CVE-2025-6558, has been actively exploited in the wild. It arises from improper validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine) and GPU components—common to both Google's Chromium browsers and Apple's WebKit engine. This flaw allows remote attackers to bypass sandbox protections via specially crafted HTML content.

Affected Platforms & Impact

• Google Chrome (and other Chromium-based browsers): Exploited through GPU sandbox escape. Patched in July via version 138.0.7204.157.
• Apple Devices (WebKit/Safari and more): Impacted platforms include:
  • iOS 18.6
  • iPadOS 18.6 / 17.7.9
  • macOS Sequoia 15.6
  • tvOS 18.6
  • watchOS 11.6
  • visionOS 2.6

This flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, with federal agencies required to apply patches by August 12, 2025.

Mitigation Steps

• Update Immediately:
  • Ensure Chrome and Chromium-based browsers are updated to version 138.0.7204.157 or later.
  • Apply the iOS 18.6 / iPadOS 18.6, macOS Sequoia 15.6, or equivalent updates for other Apple platforms.
• Monitor for Exploitation Indicators:
  Watch for suspicious GPU-related browser activity or crashes, especially from unusual webpages or external content.

ThreatGrid Takeaways

• This is a multi-platform zero-day impacting both Chrome and Apple WebKit—patch across your browser and OS ecosystem promptly.
• Because the exploit allows sandbox escape via malicious HTML, defenders must treat it as high-risk to system security posture.
• Prompt updates are non-negotiable—especially given government-mandated remediation timelines.
• Integrate WebKit/Chrome patch monitoring into your vulnerability management workflow to avoid exposure windows.