CISA has issued an urgent alert regarding a critical vulnerability in Google Chromium, identified as CVE-2025-6558, which is actively being exploited in the wild. This high-severity flaw (high) affects all Chromium-based browsers, including Google Chrome, Microsoft Edge, and Opera, placing hundreds of millions of users at risk. The vulnerability originates from improper input validation in Chromium’s ANGLE (Almost Native Graphics Layer Engine) and GPU components, which are responsible for rendering graphics using OpenGL ES. Exploiting this flaw enables threat actors to escape the browser's security sandbox, one of the core protective mechanisms that prevents malicious code from affecting the host system.

The vulnerability allows attackers to break out of the browser’s sandbox environment using maliciously crafted HTML pages, exploiting the faulty input validation during GPU-accelerated rendering processes. Once a user visits a malicious site, threat actors can trigger the vulnerability, resulting in potential remote code execution, data theft, or persistent access to the system. This sandbox escape technique bypasses essential browser security controls and may be used as part of broader, more sophisticated attacks on both personal and enterprise systems.

According to CISA, the vulnerability was added to the Known Exploited Vulnerabilities (KEV) catalog on July 22, 2025, due to confirmed exploitation. Agencies and organizations are now under a strict compliance timeline, with a patching deadline of August 12, 2025, under Binding Operational Directive (BOD) 22-01. Google has begun releasing security patches via stable channel updates, and users are urged to update their browsers immediately. If updates are not yet available for a specific product, organizations are advised to temporarily discontinue its use to mitigate the risk.

This issue highlights the broader implications of shared codebases among web browsers and the critical need for timely patch management. As attackers increasingly target graphics subsystems and lower-level components like ANGLE, ensuring robust input validation and frequent updates becomes essential. CISA’s directive serves as a strong reminder that even a single vulnerability in a widely used engine like Chromium can cascade across multiple platforms, affecting both individual users and entire organizations. Immediate action is imperative to reduce exposure and prevent exploitation.