Overview

• On July 16, Google began rolling out Chrome 138.0.7204.157/158 across Windows, macOS and Linux to address six high-risk security flaws.
• One of the patched vulnerabilities, CVE-2025-6558 in ANGLE and GPU, is already being exploited in the wild for remote code execution.
• Two other critical fixes cover a V8 JavaScript engine integer overflow (CVE-2025-7656) and a WebRTC use-after-free bug (CVE-2025-7657) reported by external researchers.
• The update is delivered through a staged rollout with options for users to manually trigger installation on desktop and mobile platforms.
• Chromium-based browsers including Microsoft Edge, Brave, Vivaldi and Opera are expected to release corresponding security updates in the coming days.