CVE-2025-14174

ENISA EUVD: EUVD-2025-203113 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 11 articles Published: 2025-12-12

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.31%

probability

This CVE has a 0.31% probability of being exploited in the next 30 days.

0% Top 54.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google

Chrome

143.0.7499.110

google

chrome

apple

safari

apple

ipados

apple

iphone os

apple

macos

Google

Chrome

143.0.7499.110 <143.0.7499.110

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Patched

Dec. 12, 2025

Reported by

Apple and Google Threat Analysis Group

Root Cause Analysis

???

Exploits & PoC

Satirush/CVE-2025-14174-Poc

Proof-of-Concept exploit for CVE-2025-14174 (EUVD-2025-203113) - Memory corruption in ANGLE allowing out-of-bounds access and RCE in web browsers. Rel

9 2025-12-18

George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day

3 2026-02-10

typeconfused/CVE-2025-14174-analysis

Analysis and PoC for CVE-2025-14174 - ANGLE Metal OOB write (iOS Safari, macOS Chrome)

1 2026-01-02

3 repos — triés par ⭐ Rechercher sur GitHub ↗

https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html

https://issues.chromium.org/issues/466192044

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.31%

CVSS v3.1 8.8

Mentions 11

Last Seen Apr 01, 2026

CNA Information

CNA Assigner

Chrome

Analyst Note

CVE-2025-14174 is confirmed as actively exploited in-the-wild with high severity (CVSS 8.8), reported by multiple credible sources including TheHackerNews documenting active exploitation. The vulnerability affects a widely-used component (ANGLE in Chrome) on macOS, and Google has issued an official patch, with evidence of sophisticated attack campaigns leveraging this flaw.

Threat Actors 5

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Hacking Team

apt_group 🇮🇹 IT

Mana Team

apt_group 🇨🇳 CN

Operation Triangulation

apt_group Information theft and espionage 🇷🇺 RU

APT 5

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 03, 2026

Published DateDec 12, 2025