iOS 18.6 and macOS Sequoia 15.6 Address Chrome Zero-Day Attack

by

The iOS 18.6, iPadOS 18.6, and macOS Sequoia 15.6 updates that Apple released yesterday address a major zero-day attack that targeted Chrome users, according to Bleeping Computer.

Chrome Feature 22
Apple says that CVE-2025-6558 was a vulnerability in open source code that also affected Apple software. The flaw could allow remote attackers to execute arbitrary code using HTML pages created for that purpose, escaping Chrome's sandboxing. Google patched the issue on July 15, and said that it had been actively exploited.

In Safari, Apple said that the issue could cause unexpected crashing, but it wasn't known to have been used in attacks against Safari users.

Google hasn't offered up technical details on how the exploit worked, and the company said that additional information would be restricted until the majority of users have updated their devices. Chrome users who have not installed the latest version of Chrome should do so.

Popular Stories

iPhone 17 Pro Dark Blue and Orange

When Is iPhone 17 Coming Out?

Thursday July 24, 2025 9:11 am PDT by
Apple's iPhone 17 series is expected to debut in September 2025. This release follows Apple's recent trend of introducing new iPhone models annually in the fall. To unveil the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max, Apple is expected to hold its annual iPhone announcement event during the week of September 8, 2025, with September 9 or 10 emerging as the most likely...
Read Full Article
iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Launching in Two Months With These 16 New Features

Saturday July 26, 2025 5:50 am PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max should launch in late September, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models, as of July 2025:Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X through iPhone 14...
Read Full Article209 comments
iPhone 17 Pro on Desk Centered 1

Tipster: iPhone 17 Pro to Feature 8x Zoom, Pro Camera App, and More

Sunday July 27, 2025 7:35 am PDT by
Apple's upcoming iPhone 17 Pro models will have several new camera-related features, according to an anonymous tipster who contacted MacRumors today. The tipster claimed to be familiar with an iPhone 17 Pro commercial that is allegedly being produced by a film company that has publicly listed Apple as one of its clients. MacRumors has not independently confirmed any of the information shared ...
Read Full Article254 comments
watchOS 11 Thumb 2 1

Apple Releases watchOS 11.6

Tuesday July 29, 2025 10:13 am PDT by
Apple today released watchOS 11.6, the sixth update to the operating system that runs on the Apple Watch. watchOS 11.6 comes more than two months after Apple released watchOS 11.5. The update is compatible with the Apple Watch Series 6 and later, all Apple Watch Ultra models, and the Apple Watch SE 2. watchOS 11.6 can be downloaded on a connected iPhone by opening up the Apple Watch app and...
Read Full Article20 comments
macOS Sequoia Feature

Apple Releases macOS Sequoia 15.6

Tuesday July 29, 2025 10:22 am PDT by
Apple today released macOS Sequoia 15.6, the sixth major update to the macOS Sequoia operating system that launched last September. macOS Sequoia 15.6 comes a over two months after the launch of macOS Sequoia 15.5. Mac users can download the ‌‌‌macOS Sequoia 15.6 update through the Software Update section of System Settings. It is available for free on all Macs able to run macOS 15. ...
Read Full Article50 comments
iOS 18

Apple Releases iOS 18.6 With Photos Bug Fix

Tuesday July 29, 2025 10:17 am PDT by
Apple today released iOS 18.6 and iPadOS 18.6, the sixth updates to the iOS 18 and iPadOS 18 operating systems. iOS 18.6 and iPadOS 18.6 come more than two months after the release of iOS 18.5 and iPadOS 18.5. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. iOS 18.6 addresses a Photos-related bug that could...
Read Full Article57 comments
iPhone 17 MagSafe UnclePan

Here's Another Look at the iPhone 17 Pro's Alleged New MagSafe Design

Tuesday July 29, 2025 8:09 am PDT by
Another image of the iPhone 17 Pro's rumored new MagSafe design has surfaced. Unfortunately, though, the image's quality is pretty low. A user known as "UnclePan" on Chinese social media platform Weibo this week shared an image of third-party MagSafe cases that are apparently for the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max. On the iPhone 17 Pro cases, the MagSafe...
Read Full Article41 comments

Top Rated Comments

adamw Avatar
adamw
18 hours ago at 05:53 pm

Good reason not to trust Google ever :rolleyes:
This not only applies to Google Chrome, but also appears to affect Safari (by causing a crash to it.) Here is more about this exploit:

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Tracked as CVE-2025-6558 ('https://nvd.nist.gov/vuln/detail/CVE-2025-6558'), the security bug is due to the incorrect validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine) open-source graphics abstraction layer, which processes GPU commands and translates OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL.

The vulnerability enables remote attackers to execute arbitrary code within the browser's GPU process via specially crafted HTML pages, potentially allowing them to escape the sandbox that isolates browser processes from the underlying operating system.
Score: 10 Votes (Like | Disagree)
ArtOfWarfare Avatar
ArtOfWarfare
17 hours ago at 06:35 pm

Good reason not to trust Google ever :rolleyes:
This impacts all Chromium browsers, so Brave, Edge, Opera, and most other browsers not named Firefox or Safari.

The same issue causes Safari to crash, which while inconvenient, is preferable to having malicious code able to access data that it shouldn't.

What happens in Firefox?
Score: 10 Votes (Like | Disagree)
adamw Avatar
adamw
18 hours ago at 05:51 pm

How is that even possible unless the person downloads a file or allows third party apps? ?
Sounds like if a Google Chrome (or Safari) user went to view any web page with the malicious code embedded, it could take over their whole system by "allowing remote users to execute arbitrary code" on their machine. Appears to affect anyone using the web browser to view an infected web site, and not only to affect downloads of files or third party apps.
Score: 6 Votes (Like | Disagree)
Love-hate ? relationship Avatar
Love-hate ? relationship
15 hours ago at 08:52 pm

Good reason not to trust Google ever :rolleyes:
You know how often this has happened to safari? I'll tell you: a damn lot

And when this happens, you need a WHOLE OS update to fix it , while chrome only needs an app update most of the time (not this time around though)
Score: 6 Votes (Like | Disagree)
star-affinity Avatar
star-affinity
11 hours ago at 12:58 am

Good reason not to trust Google ever :rolleyes:

Well, that's not true as Safari is a separate download on Ventura and Sonoma (and every other supported macOS that's not the current one). Having to install a whole point update on the most recent macOS is a choice Apple makes.
But what is true is that security problems are continuously discovered in software from all vendors and it’s definitely not the last time it happens in code written by folks from Google nor Apple.
Score: 5 Votes (Like | Disagree)
culex Avatar
culex
11 hours ago at 12:59 am

Apple released yesterday address a major zero-day attack that targeted Chrome users
How can Apple fix a Chrome bug? That's right, they can't. They simply used the same buggy open source code in Webkit and patched it two weeks after Google. Pretty misleading headline.
Score: 4 Votes (Like | Disagree)
Read All Comments