AI description
CVE-2025-14174 is an out-of-bounds memory access vulnerability found in ANGLE, a component of Google Chrome. The vulnerability could allow a remote attacker to perform out-of-bounds memory access via a crafted HTML page. Google is aware that an exploit for this vulnerability exists in the wild. Apple also addressed CVE-2025-14174, describing it as a memory corruption flaw in WebKit that could lead to memory corruption. Apple indicated that this vulnerability may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.
- Description
- Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-119
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
29
AppleがWebKitの2つのゼロデイ (CVE-2025-43529, CVE-2025-14174) を修正。特定の標的ユーザを狙った高度攻撃で既に悪用の可能性あり。iOS/iPadOS/macOSの即時アップデートを。#Apple #WebKit #ZeroDay https://t.co/Bab8bqZAVO
@01ra66it
14 Dec 2025
450 Impressions
0 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
CISA adds Google Chromium zero-day CVE-2025-14174 to KEV for ANGLE engine flaw allowing RCE via malicious HTML and out-of-bounds memory access. #vulnerability https://t.co/paSEnON1Fi
@threatcluster
13 Dec 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This vulnerability doesn’t break systems loudly — it quietly gives attackers more power than they should ever have. Today’s focus: CVE-2025-14174. https://t.co/Sarg6Bn9yd
@Awkiffffff
13 Dec 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
- CVE-2025-43529 a UAF bug that may lead to arbitrary code execution when processing maliciously crafted web content - CVE-2025-14174 memory corruption bug when processing maliciously crafted web content
@minacrissDev_
13 Dec 2025
437 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨Google + Apple Coordinate Emergency Patches After Zero-Day Attacks Google TAG and Apple jointly disclosed CVE-2025-14174—a WebKit/ANGLE flaw actively exploited in "extremely sophisticated attacks" against specific individuals. What's notable: the coordinated disclosure
@the_c_protocol
13 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PSA: update to the latest Version of Vivaldi, it includes the fix for CVE-2025-14174. We were so far ahead of others with the patch, that it got in before being publicly discussed. Therefore, it was not initially listed in the changelog. It is now, for everyone's convenience.
@vivaldibrowser
13 Dec 2025
2539 Impressions
9 Retweets
61 Likes
2 Bookmarks
1 Reply
0 Quotes
yesterday Apple released patches for 2 Webkit bugs - CVE-2025-43529 a UAF bug that may lead to arbitrary code execution when processing maliciously crafted web content - CVE-2025-14174 memory corruption bug when processing maliciously crafted web content https://t.co/K2JKGBQuKk
@BrutalSam_
13 Dec 2025
8017 Impressions
5 Retweets
76 Likes
12 Bookmarks
3 Replies
1 Quote
csirt_it: !! #Exploited #Apple: aggiornamenti di sicurezza risolvono diverse vulnerabilità, di cui 2 di tipo #0day - CVE-2025-14174 e CVE-2025-43529 Rischio: 🔴 Tra le tipologie 🔸 Remote Code Execution 🔸 Tampering 🔗 https://t.co/nQDtADZGfr 🔄 … https://t.c
@Vulcanux_
13 Dec 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple patches two critical WebKit flaws (CVE-2025-43529 & CVE-2025-14174) exploited in the wild, affecting iOS, macOS, and more. CVE-2025-14174 was also fixed by Chrome earlier this year. #WebKitFix #AppleUpdate #USA https://t.co/ghVsfpw8p9
@TweetThreatNews
13 Dec 2025
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple patches two critical WebKit zero-day flaws (CVE-2025-43529 & CVE-2025-14174) exploited in targeted, sophisticated attacks affecting multiple devices. Google Chrome also coordinated fixes. #WebKitFlaws #TargetedAttacks #USA https://t.co/AvOmWqly6l
@TweetThreatNews
13 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple緊急対応:ゼロデイ2件が「高度な標的型攻撃」で悪用、今すぐアップデートを https://t.co/NVqWQNOckE AppleがWebKitのゼロデイ2件(CVE-2025-43529/CVE-2025-14174)を修正。iOS 26以前を使う“特定個人”への極めて高度
@cloudsec_news
13 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログにChromiumの境界外メモリアクセスCVE-2025-14174を追加。対処期限は通常の2026/1/2。ランサムウェアによる悪用は不知。 https:
@__kokumoto
13 Dec 2025
1163 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
1 Quote
🚨 Update: Chrome’s active zero-day is now CVE-2025-14174 (8.8), a remote out-of-bounds memory bug in the ANGLE graphics engine. Already used in real attacks. Update now. 🔗 Read: https://t.co/Y5QjvXkyL4
@TheHackersNews
13 Dec 2025
16113 Impressions
45 Retweets
126 Likes
25 Bookmarks
4 Replies
2 Quotes
Patch Alert: Critical Apple WebKit Zero-Days Apple has released iOS 26.2 to address two actively exploited flaws linked to targeted spyware campaigns: CVE-2025-43529: Use-after-free allowing arbitrary code execution via malicious web content (Credited to Google TAG)CVE-2025-14174
@DarkCyberXX
13 Dec 2025
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Google Chrome out-of-bounds memory access vulnerability CVE-2025-14174 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/9zaKqUmVJK
@CISACyber
12 Dec 2025
4252 Impressions
17 Retweets
40 Likes
5 Bookmarks
1 Reply
0 Quotes
📣 EMERGENCY UPDATES 📣 Apple pushed additional updates for 2 zero-days that may have been actively exploited. 🐛 CVE-2025-14174 (WebKit) additional patches, 🐛 CVE-2025-43529 (WebKit) additional patches: - Safari 26.2
@ApplSec
12 Dec 2025
348 Impressions
0 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
📣 EMERGENCY UPDATES 📣 Apple pushed updates for 2 new zero-days that may have been actively exploited. 🐛 CVE-2025-14174 (WebKit), 🐛 CVE-2025-43529 (WebKit): - iOS and iPadOS 18.7.3 - iOS and iPadOS 26.2 - macOS Tahoe 26.2 - tvOS 26.2 - visionOS 26.2 - watchOS 26.2
@ApplSec
12 Dec 2025
882 Impressions
2 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
「Microsoft Edge」でもゼロデイ脆弱性「CVE-2025-14174」が修正、実環境での悪用を確認/v143.0.3650.80が安定チャネルでリリース https://t.co/hhxhVSP93X https://t.co/cwcnW1JtDS
@nagi_triage
12 Dec 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
「Microsoft Edge」でもゼロデイ脆弱性「CVE-2025-14174」が修正、実環境での悪用を確認 - 窓の杜 https://t.co/FEsRbw019q
@syea_MoE
12 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
「Microsoft Edge」でもゼロデイ脆弱性「CVE-2025-14174」が修正、実環境での悪用を確認/v143.0.3650.80が安定チャネルでリリース https://t.co/4tYXDBSYSH https://t.co/D7INmQj51v
@madonomori
12 Dec 2025
10176 Impressions
59 Retweets
99 Likes
23 Bookmarks
0 Replies
2 Quotes