A newly discovered browser vulnerability has raised alarms among cybersecurity experts — and if you’re using an iPhone, iPad, or even a Mac, you may already be exposed. The flaw, tracked as CVE-2025-6558, affects the core rendering engine used by Google Chrome, Safari, and other Chromium-based browsers. It allows attackers to exploit malicious HTML content — something as simple as a webpage — to execute harmful code on your device. That includes the potential installation of spyware or data extraction tools. As you can understand, Apple insists that all users install the latest iOS 18.6 security update.
Exploited in the Wild — and Already on CISA’s Radar
First reported in June, the bug has already been exploited in zero-day attacks, including by threat actors suspected of ties to state-level cyber operations. Targets so far have included journalists, activists, and political figures — but that doesn’t mean everyday users are safe.
“These kinds of vulnerabilities don’t stay exclusive to high-profile targets for long,” one analyst told Bleeping Computer. “Once they’re out there, they tend to trickle down into criminal networks and mass phishing schemes.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6558 to its Known Exploited Vulnerabilities catalog, signaling that this isn’t a theoretical risk — it’s active, it’s real, and it’s dangerous.
Google Already Patched Chrome — Has Apple Done Enough?
Google responded quickly, releasing a patch in Chrome version 138.0.7204.157 on July 15, covering both desktop and Android platforms. If you haven’t already, updating Chrome is urgent.
On Apple’s side, the same flaw hit WebKit, the engine that powers Safari and every web view across iOS, iPadOS, macOS, watchOS, and tvOS. Apple issued its fix in iOS 18.6 and iOS 26 Beta, but here’s the catch — many users haven’t updated yet. So you MUST install now the latest iOS 18.6 security update
Unlike Google’s patch, which can be applied within the browser itself, Apple users need to update the entire OS to close the vulnerability.
What You Should Do Right Now
If you’re using any of the following Apple devices, check for updates immediately:
- iPhone or iPad → Install iOS 18.6
- Mac → Update to macOS 15.6.1 or newer
- Apple Watch → Update to watchOS 11.6
- Apple TV → Update to tvOS 18.6
You can do this by heading to:
Settings → General → Software Update
Don’t wait for your device to auto-update — this one needs manual attention.
The Bigger Picture: Silent Bugs, Loud Consequences
This vulnerability is a reminder that your biggest security risks don’t always come from sketchy apps or obvious scams. Sometimes, they’re lurking in the everyday tools you trust — like the browser you use dozens of times a day.
With spyware kits being sold on dark web marketplaces and browser exploits among the most commonly traded attack vectors, even casual users are in the crosshairs. The best protection? Stay updated. Not just your apps, but your entire system.
