CISA Known Exploited Vulnerability (KEV)
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
July 22, 2025
August 12, 2025
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Description
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
References
Weakness Enumeration
| CWE-ID | CWE Name |
|---|---|
|
CWE-20 |
Improper Input Validation |