Apple’s Latest Security Update Patches Zero-Day Vulnerability in Chrome
When Apple released iOS 18.6 this week, it didn’t add a ton of new features or changes. In fact, after the update, your iPhone will look exactly the same as it did before iOS 18.5. However, the update did include more than 20 fixes for security vulnerabilities in iOS, making it an important security update for all compatible devices.
When Apple published its security notes for the update, the company did not indicate whether any of these vulnerabilities were zero-days, meaning they had been exploited or publicly disclosed before the patch was released. This gives the user an advantage, as it suggests that attackers have not yet figured out how to exploit any of the already-patched vulnerabilities. However, as it turns out, one of these vulnerabilities was actively exploited, but not against an Apple product.
The vulnerability in question is designated CVE-2025-6558. According to Apple’s release notes, the vulnerability could cause Safari to crash when handling malicious web content. Apple says the vulnerability is not specific to iOS, but is open source and affects Apple software.
While Apple says this vulnerability has not been exploited against Apple software, at least at the time of the release notes, one software product that appears to be actively exploited by this vulnerability is Google Chrome. As reported by Bleeping Computer , CVE-2025-6558 could allow attackers to run their own code in Chrome’s GPU process when visiting malicious websites. This could allow hackers to compromise the target device’s operating system. If you’re using an Apple product, that means iOS, macOS, iPadOS, tvOS, visionOS, or watchOS could be compromised by this attack. (Apple has released security updates for all of these OSes accordingly.)
The vulnerability is serious: The Cybersecurity and Infrastructure Security Agency (CISA) has included the vulnerability in its Catalog of Known Exploitable Vulnerabilities and is now requiring federal agencies to update their software by August 12.
Protecting Your Devices From This Zero-Day Vulnerability
To protect your devices from this vulnerability, you need to update all affected hardware and software. This means you need to update all Apple devices to iOS 18.6, and if you use Chrome or a Chromium-based browser (such as Microsoft Edge or Opera), you need to update it to the latest version.
Typically, Apple updates, such as on an iPhone, can be installed via Settings > General > Software Update . In Chrome, tap the three dots in the upper-right corner, then select Help > About Google Chrome .