
Emergency Chrome Security Update: CMU Community Urged to Patch Immediately
Updated 7/31/2025
A critical security vulnerability has been discovered in Google Chrome and Apple software, prompting emergency patches from both vendors. The flaw, identified as CVE-2025-6558, is being actively exploited in the wild.
What’s the Issue?
Chrome (CVE-2025-6558): Insufficient validation of input could allow attackers to execute malicious code simply by getting users to visit a compromised website.
Apple (CVE-2025-6558): Processing maliciously crafted web content may lead to an unexpected Safari crash.
Who Is Affected?
Chrome Users: Anyone using versions prior to 138.0.7204.157 on Windows and Linux, or prior to 138.0.7204.158 on macOS.
Apple Users: Anyone using versions prior to:
- Safari 18.6 (macOS Ventura and macOS Sonoma)
- iOS 18.6 and iPadOS 18.6 (iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later)
- iPadOS 17.7.9 (iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation)
- macOS Sequoia 15.6
- macOS Sonoma 14.7.7
- macOS Ventura 13.7.7
- watchOS 11.6 (Apple Watch Series 6 and later)
- tvOS 18.6 (Apple TV HD and Apple TV 4K (all models))
- visionOS 2.6 (Apple Vision Pro)
What Should You Do?
The Information Security Office (ISO) strongly advises all students, faculty, and staff to take the following steps immediately:
Update Chrome:
- Open Chrome.
- Go to chrome://settings/help.
- Chrome will automatically check for updates and install the latest version.
- Restart the browser to apply the update.
Update Safari and Apple Devices:
- Install the latest updates for iOS, iPadOS, macOS, and other Apple platforms.
- Visit System Settings > General > Software Update on your Apple device.
Check Your Version:
- Google Chrome: Make sure your Chrome version is 138.0.7204.157 (Windows & Linux) or 138.0.7204.158 (macOS) or higher.
- Apple: Ensure your device is running the latest software version as listed in Apple’s July 29 & 30, 2025 advisories.
Update Other Browsers:
- If you use Edge, Brave, or Opera, check for updates and apply them as soon as they are released.
Be Cautious Online:
- Avoid clicking on suspicious links or visiting unfamiliar websites.
For Managed Machines
If you manage lab machines or shared systems:
- Ensure automatic updates are enabled.
- Verify that all endpoints are running the latest browser version.
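One way to carry out the endpoint verification above, as an added example that is not part of the original advisory: it compares reported Chrome versions numerically against the per-platform fixed builds listed here. The CSV inventory format, the hostnames and the function names are assumptions made for illustration.

```python
# Added example: audit a constructed inventory against this advisory's fixed builds.
import csv
import io

# Minimum patched Chrome builds from the advisory, keyed by platform.
FIXED = {
    "windows": (138, 0, 7204, 157),
    "linux": (138, 0, 7204, 157),
    "macos": (138, 0, 7204, 158),
}

# Constructed sample export (hostname, platform, chrome_version).
SAMPLE_INVENTORY = """hostname,platform,chrome_version
lab-01,windows,138.0.7204.157
lab-02,windows,138.0.7204.99
lab-03,macos,138.0.7204.157
lab-04,linux,139.0.1.2
lab-05,macos,
lab-06,chromeos,138.0.7204.157
"""


def parse_version(text):
    """Turn '138.0.7204.157' into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv):
    """Return {hostname: status}; status is patched, vulnerable or unknown."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = FIXED.get(row["platform"].strip().lower())
        version = parse_version(row["chrome_version"] or "")
        if minimum is None or version is None:
            # Unlisted platform or unreadable version: needs manual follow-up.
            results[row["hostname"]] = "unknown"
        elif version >= minimum:  # tuple compare, so 99 < 157 (not "99" > "157")
            results[row["hostname"]] = "patched"
        else:
            results[row["hostname"]] = "vulnerable"
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

In the sample, lab-03 is flagged because build .157 is patched on Windows and Linux but not on macOS, where the fixed build is .158.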
Stay Informed
The ISO will continue to monitor the situation and provide updates as needed. For questions or assistance, contact iso@andrew.cmu.edu or visit the Information Security Office website.