CVE-2025-14174
CVE-2025-14174
In short
A flaw in Chrome's graphics engine (ANGLE) on Mac allows attackers to access memory outside safe boundaries through a malicious webpage, potentially crashing the browser or exposing sensitive data.
Technical detail
Out-of-bounds memory access vulnerability in ANGLE graphics library affecting Chrome on macOS versions prior to 143.0.7499.110. Remote attack vector via crafted HTML page; requires user to visit malicious site. Impact includes information disclosure and potential code execution.
Summary generated and translated by AI from the official description.
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 3
githubgithub.com/Satirush/CVE-2025-14174-Poc★ 9githubgithub.com/George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day★ 3githubgithub.com/typeconfused/CVE-2025-14174-analysis★ 1⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.htmlhttps://issues.chromium.org/issues/466192044https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-securityhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174