CVE-2025-6558
Publication date 15 July 2025
Last updated 13 August 2025
Ubuntu priority
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Read the notes from the security team
Why is this CVE high priority?
CVE is in CISA-KEV list
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | 25.04 plucky |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| webkitgtk | 25.04 plucky | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| webkit2gtk | 25.04 plucky |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| qtwebkit-source | 25.04 plucky | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| qtwebkit-opensource-src | 25.04 plucky | Not in release |
| 24.04 LTS noble | Ignored | |
| 22.04 LTS jammy | Ignored | |
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| wpewebkit | 25.04 plucky | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
Notes
alexmurray
The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur
starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
jdstrand
webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
mdeslaur
It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking as ignored. wpewebkit isn't used by anything of importance in the archive, except for cog, an example container for wpewebkit. There is no point in attempting to backport newer wpewebkit versions to the archive. As such, marking as ignored. It is not feasible to fix webkitgtk, qtwebkit-source, and qtwebkit-opensource-src. Marking them as ignored.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |