Skip to Content

iOS 18.6 and macOS Sequoia 15.6 Address Chrome Zero-Day Attack

by

The iOS 18.6, iPadOS 18.6, and macOS Sequoia 15.6 updates that Apple released yesterday address a major zero-day attack that targeted Chrome users, according to Bleeping Computer.

Chrome Feature 22
Apple says that CVE-2025-6558 was a vulnerability in open source code that also affected Apple software. The flaw could allow remote attackers to execute arbitrary code using HTML pages created for that purpose, escaping Chrome's sandboxing. Google patched the issue on July 15, and said that it had been actively exploited.

In Safari, Apple said that the issue could cause unexpected crashing, but it wasn't known to have been used in attacks against Safari users.

Google hasn't offered up technical details on how the exploit worked, and the company said that additional information would be restricted until the majority of users have updated their devices. Chrome users who have not installed the latest version of Chrome should do so.

Popular Stories

iOS 27 Mock Quick

iOS 27 Will Reportedly Be Like Mac OS X Snow Leopard

Sunday March 15, 2026 9:42 am PDT by
In his Power On newsletter today, Bloomberg's Mark Gurman reiterated that iOS 27 will be similar to 2009's Mac OS X Snow Leopard, in the sense that one of Apple's biggest priorities is bug fixes for improved performance and stability. During WWDC 2008's State of the Union, Apple showed a slide that said Mac OS X Snow Leopard had "0 new features," as it opted to focus on performance and...
Read Full Article261 comments
AirPods Max 2 Feature

Apple Announces AirPods Max 2 With H2 Chip and More

Monday March 16, 2026 6:12 am PDT by
Apple today unveiled AirPods Max 2, with key upgrades including the H2 chip, increased active noise cancellation, improved sound quality, and features such as Adaptive Audio, Conversation Awareness, Voice Isolation, and Live Translation. The new AirPods Max have the same overall design as the previous generation, with most of the new features coming from the upgrade to the H2 chip:- Adaptive ...
Read Full Article345 comments
Apple Logo Sketch Feature

Apple Unveiled a Surprise New Product Today

Monday March 16, 2026 10:50 am PDT by
Surprise! Apple today unveiled the AirPods Max 2, despite no rumors suggesting that a new version of Apple's over-ear headphones were imminent. Key upgrades compared to the previous AirPods Max include Apple's H2 chip, increased active noise cancellation, improved sound quality, and features such as Adaptive Audio, Conversation Awareness, Voice Isolation, and Live Translation. AirPods Max ...
Read Full Article

Top Rated Comments

adamw Avatar
adamw
8 months ago

Good reason not to trust Google ever :rolleyes:
This not only applies to Google Chrome, but also appears to affect Safari (by causing a crash to it.) Here is more about this exploit:

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Tracked as CVE-2025-6558 ('https://nvd.nist.gov/vuln/detail/CVE-2025-6558'), the security bug is due to the incorrect validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine) open-source graphics abstraction layer, which processes GPU commands and translates OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL.

The vulnerability enables remote attackers to execute arbitrary code within the browser's GPU process via specially crafted HTML pages, potentially allowing them to escape the sandbox that isolates browser processes from the underlying operating system.
Score: 12 Votes (Like | Disagree)
ArtOfWarfare Avatar
ArtOfWarfare
8 months ago

Good reason not to trust Google ever :rolleyes:
This impacts all Chromium browsers, so Brave, Edge, Opera, and most other browsers not named Firefox or Safari.

The same issue causes Safari to crash, which while inconvenient, is preferable to having malicious code able to access data that it shouldn't.

What happens in Firefox?
Score: 11 Votes (Like | Disagree)
L
Love-hate šŸ relationship
8 months ago

Good reason not to trust Google ever :rolleyes:
You know how often this has happened to safari? I'll tell you: a damn lot

And when this happens, you need a WHOLE OS update to fix it , while chrome only needs an app update most of the time (not this time around though)
Score: 7 Votes (Like | Disagree)
adamw Avatar
adamw
8 months ago

How is that even possible unless the person downloads a file or allows third party apps? šŸ˜¬
Sounds like if a Google Chrome (or Safari) user went to view any web page with the malicious code embedded, it could take over their whole system by "allowing remote users to execute arbitrary code" on their machine. Appears to affect anyone using the web browser to view an infected web site, and not only to affect downloads of files or third party apps.
Score: 6 Votes (Like | Disagree)
star-affinity Avatar
star-affinity
8 months ago

Good reason not to trust Google ever :rolleyes:

Well, that's not true as Safari is a separate download on Ventura and Sonoma (and every other supported macOS that's not the current one). Having to install a whole point update on the most recent macOS is a choice Apple makes.
But what is true is that security problems are continuously discovered in software from all vendors and itā€™s definitely not the last time it happens in code written by folks from Google nor Apple.
Score: 6 Votes (Like | Disagree)
C
culex
8 months ago

Apple released yesterday address a major zero-day attack that targeted Chrome users
How can Apple fix a Chrome bug? That's right, they can't. They simply used the same buggy open source code in Webkit and patched it two weeks after Google. Pretty misleading headline.
Score: 5 Votes (Like | Disagree)
Read All Comments