Google近日釋出Chrome瀏覽器穩定版138.0.7204.157/.158,適用於Windows、Mac及Linux平台,重點在於修補多項高風險資安漏洞。其中,CVE-2025-6558為GPU元件的重大安全缺陷,與ANGLE(Almost Native Graphics Layer Engine)和GPU處理未經驗證輸入時的驗證不足有關,已被證實遭攻擊者鎖定並利用,屬於零時差漏洞。Google威脅分析小組指出,該漏洞可能讓攻擊者執行惡意程式碼,危及用戶資料與系統安全。由於相關技術細節暫未公開,以防止進一步濫用,Google強烈建議所有用戶儘速完成瀏覽器更新,以降低風險。本次更新同時修補V8引擎整數溢位(CVE-2025-7656)及WebRTC元件記憶體釋放後再被利用(CVE-2025-7657)等其他高風險漏洞,進一步提升整體安全防護。
《Cybersecurity News》Chrome 138 Patches GPU Zero-Day Vulnerability, Google Urgently Calls for Users to Update
Google has just released the latest Chrome browser version (138.0.7204.157/.158) for all Windows, Mac, and Linux computers, and this update is extremely important! Why? Because they’ve discovered several serious security vulnerabilities, especially a major GPU-related issue (CVE-2025-6558). Simply put, this vulnerability is related to how the browser processes graphics, and—most frighteningly—hackers are already exploiting it in real-world attacks!
This type of “zero-day vulnerability" (meaning everyone learns about the problem simultaneously, without any time gap for defense) could allow malicious actors to secretly run malware on your computer, steal your data, or take control of your system. Google hasn’t published many technical details specifically to avoid providing more hackers with an “attack tutorial."
So, friends, don’t delay—update your Chrome browser immediately! This update also fixes several other dangerous vulnerabilities, including a number processing issue in the V8 engine (CVE-2025-7656) and a memory security flaw in WebRTC (CVE-2025-7657). One update, comprehensive protection—why wouldn’t you do it?
大世科 blog 