
CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog.

Tracked as CVE-2025-14174, the flaw allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page, potentially leading to arbitrary code execution in browsers.

Discovered and patched just days ago, this vulnerability underscores ongoing threats to Chromium-based browsers dominating the web. Attackers could exploit it for drive-by compromises, data theft, or ransomware deployment, though CISA notes no confirmed ransomware ties yet. Federal agencies must apply mitigations by January 2, 2026, or discontinue affected products.

CVE-2025-14174 resides in ANGLE, Chromium’s OpenGL ES interface layer, where improper bounds checking allows memory corruption. A crafted webpage can invoke the flaw during rendering, bypassing sandbox protections in some scenarios.

The National Vulnerability Database (NVD) rates it high severity, with early CVSS v3.1 assessments pointing to remote code execution risks.

| CVE ID | Description | CVSS v3.1 Score | Affected Versions | Patched Versions |
|---|---|---|---|---|
| CVE-2025-14174 | Out-of-bounds memory access in ANGLE via HTML | 8.8 (High) | Chromium < 131.0.6778.200 | Chrome 131.0.6778.201+; Edge 131.0.3139.95+ |

No public indicators of compromise (IoCs) have surfaced, but threat actors are likely to chain it to phishing or malvertising.

CISA urges immediate patching per Binding Operational Directive (BOD) 22-01 for federal systems, especially cloud services. Organizations should scan for unpatched browsers, enforce automatic updates, and monitor for anomalous rendering crashes.
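As an added illustration of the "scan for unpatched browsers" step (not code from CISA, Google, or this article's author), the Python sketch below triages a browser inventory against the fixed builds listed in the table above. The inventory format, host names, and sample version strings are constructed assumptions; browsers other than Chrome and Edge are reported as unknown because the article gives no fixed build for them.

```python
import re

# Minimum fixed builds, copied from the table in this article.
PATCHED = {"chrome": (131, 0, 6778, 201), "edge": (131, 0, 3139, 95)}

# Product names as they appear in the browser's version string.
PRODUCTS = [("microsoft edge", "edge"), ("google chrome", "chrome")]
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: "host,version string" per line.
SAMPLE_INVENTORY = """\
ws-001,Google Chrome 131.0.6778.201
ws-002,Google Chrome 131.0.6778.99
ws-003,Microsoft Edge 131.0.3139.95
ws-004,Microsoft Edge 130.0.2849.80
ws-005,Opera 115.0.5322.77
ws-006,Google Chrome 132.0.6834.83
"""


def classify(version_string):
    """Return 'patched', 'vulnerable', or 'unknown' for one version string."""
    lowered = version_string.lower()
    product = next((key for name, key in PRODUCTS if name in lowered), None)
    match = VERSION_RE.search(version_string)
    if product is None or match is None:
        # Other Chromium-based browsers have their own fixed builds.
        return "unknown"
    # Compare numerically, field by field: as strings "99" sorts after "201".
    version = tuple(int(part) for part in match.groups())
    return "patched" if version >= PATCHED[product] else "vulnerable"


def triage(inventory_text):
    """Return [(host, status)] for every host that is not confirmed patched."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_string = line.partition(",")
        status = classify(version_string)
        if status != "patched":
            findings.append((host.strip(), status))
    return findings


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual check against the relevant vendor's release notes rather than being assumed safe.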


Google rolled out Stable Channel fixes on December 10, bumping Chrome to version 131.0.6778.201. Microsoft Edge followed with 131.0.3139.95, while Opera users should check vendor channels. “Users are advised to relaunch browsers post-update,” Google stated in its release notes.

This incident highlights Chromium’s vast attack surface, affecting over 70% of desktop browsers. Security teams worldwide should prioritize remediation amid rising zero-day exploits.


The post CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

rssfeeds-admin
