Google Chromium Out-of-Bounds Memory Access Vulnerability (CVE-2025-14174)

An Out-of-Bounds Memory Access vulnerability (CVE-2025-14174) has been identified in ANGLE (Almost Native Graphics Layer Engine) that affects Google Chrome and Chromium-based browsers.  It allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page, potentially leading to arbitrary code execution in browsers which could lead to memory corruption.  The vulnerability is actively being exploited in the wild and affects a wide range of products.  Users are strongly advised to update their browsers and devices immediately to the versions listed below to mitigate potential risks.

Vulnerability

• Out-of-Bounds Memory Access Vulnerability (CVE-2025-14174)

Severity Level

• High

Affected versions

• Google Chrome prior to 143.0.7499.109/.110 (Mac)
• Google Chrome prior to 143.0.7499.109/.110 (Windows)
• Google Chrome prior to 143.0.7499.109 (Linux)
• Safari prior to version 26.2
• iOS and iPadOS prior to version 26.2
• iOS and iPadOS prior to version 18.7.3
• macOS Sonoma prior to version 14.8.3
• macOS Sequoia prior to version 15.7.3
• macOS Tahoe prior to version 26.2
• tvOS prior to version 26.2
• watchOS prior to version 26.2
• visionOS prior to version 26.2

Remediation

• Update the Google Chrome and Chromium-based browsers to the latest version IMMEDIATELY.
• Update affected Apple products to the latest version IMMEDIATELY.

Reference

• Chrome Releases
• HKCERT: Google Chrome Multiple Vulnerabilities (CVE-2025-14174)
• HKCERT: Apple Products Multiple Vulnerabilities (CVE-2025-14174 & CVE-2025-43529)
• GovCERT.HK – High Threat Security Alert (A25-12-14): Multiple Vulnerabilities in Apple Products
• Release notes for Microsoft Edge Security Updates | Microsoft Learn
• NVD – CVE-2025-14174
• CVE Record: CVE-2025-14174

Enquiry

• ITSC Service Desk: http://servicedesk.itsc.cuhk.edu.hk

Published on: 17 Dec 2025