CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog.

Tracked as CVE-2025-14174, the flaw allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page, potentially leading to arbitrary code execution in browsers.

Discovered and patched just days ago, this vulnerability underscores ongoing threats to Chromium-based browsers dominating the web. Attackers could exploit it for drive-by compromises, data theft, or ransomware deployment, though CISA notes no confirmed ransomware ties yet. Federal agencies must apply mitigations by January 2, 2026, or discontinue affected products.

CVE-2025-14174 resides in ANGLE, Chromium’s OpenGL ES interface layer, where improper bounds checking allows memory corruption. A crafted webpage can invoke the flaw during rendering, bypassing sandbox protections in some scenarios.

The National Vulnerability Database (NVD) rates it high severity, with early CVSS v3.1 assessments pointing to remote code execution risks.

| CVE ID | Description | CVSS v3.1 Score | Affected Versions | Patched Versions |
|---|---|---|---|---|
| CVE-2025-14174 | Out-of-bounds memory access in ANGLE via HTML | 8.8 (High) | Chromium < 131.0.6778.200 | Chrome 131.0.6778.201+; Edge 131.0.3139.95+ |

No public indicators of compromise (IoCs) have surfaced, but threat actors are likely to chain it with phishing or malvertising.

CISA urges immediate patching per Binding Operational Directive (BOD) 22-01 for federal systems, especially cloud services. Organizations should scan for unpatched browsers, enforce automatic updates, and monitor for anomalous rendering crashes.

Google rolled out Stable Channel fixes on December 10, bumping Chrome to version 131.0.6778.201. Microsoft Edge followed with 131.0.3139.95, while Opera users should check vendor channels. “Users are advised to relaunch browsers post-update,” Google stated in its release notes.
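The advice to scan for unpatched browsers can be turned into a check against a software inventory. The following is an added example, not code from CISA, Google or the article's author: the fixed builds are the ones stated in this article, while the `host,browser,version` CSV layout and the sample rows are constructed assumptions.

```python
import csv
import io

# Minimum fixed builds, copied from this article (not independently verified).
FIXED = {"chrome": (131, 0, 6778, 201), "edge": (131, 0, 3139, 95)}

# Constructed sample inventory; the CSV layout is an assumption for illustration.
SAMPLE = """host,browser,version
ws-001,Chrome,131.0.6778.201
ws-002,Chrome,131.0.6778.99
ws-003,Edge,131.0.3139.95
ws-004,Edge,130.0.2849.80
ws-005,Opera,115.0.5322.77
ws-006,Chrome,unknown
"""


def parse_version(text):
    """Convert 'a.b.c.d' into a tuple of ints so builds compare numerically.

    Comparing the raw strings would rank '...6778.99' above '...6778.201'.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def classify(browser, version):
    """Return 'patched', 'vulnerable', 'unlisted' or 'unparseable'."""
    fixed = FIXED.get(browser.strip().lower())
    if fixed is None:
        return "unlisted"       # no fixed build given in the article; check the vendor
    try:
        installed = parse_version(version)
    except ValueError:
        return "unparseable"    # treat as needing manual follow-up, not as safe
    return "patched" if installed >= fixed else "vulnerable"


def audit(inventory_csv):
    """Classify every row of the inventory and return (host, status) pairs."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [(row["host"], classify(row["browser"], row["version"])) for row in reader]


if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:8} {status}")
```

Rows reported as `unlisted` or `unparseable` need manual review rather than being counted as compliant.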

This incident highlights Chromium’s vast attack surface, affecting over 70% of desktop browsers. Security teams worldwide should prioritize remediation amid rising zero-day exploits.

The post CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.
