CVE-2025-14174: Chrome ANGLE Memory Flaw Under Attack

CVE ID: CVE-2025-14174

Severity: HIGH | CVSS: 8.8

Sources: 2 different security sources

Status: ACTIVELY EXPLOITED - Added to CISA KEV Catalog

Let Me Explain What Happened

My friends, we need to talk about something important happening right now with Google Chrome. On December 12, 2025, CISA added a new vulnerability to their Known Exploited Vulnerabilities catalog, which means attackers are already using this flaw in the wild. This isn't a theoretical problem—it's happening as we speak. The vulnerability affects Chrome's ANGLE component, a piece of software that helps your browser display graphics, and attackers can exploit it simply by getting you to visit a malicious website. Think of it like someone finding a way to reach through your computer screen just by showing you a specially crafted webpage.

A Bit More Detail

Here's what's going on under the hood: ANGLE (Almost Native Graphics Layer Engine) is the technology Chrome uses on Mac computers to translate graphics commands. The vulnerability allows an attacker to access memory outside the boundaries they're supposed to stay within—imagine someone not just opening your front door, but reaching through the walls of your house to grab things from rooms they shouldn't even be able to see. With a CVSS score of 8.8, this is rated as HIGH severity, and the fact that it requires no special privileges and only needs you to interact with a webpage makes it particularly dangerous.

The Technical Specifics

• Attack Vector: Network (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
• Affected Products: Google Chrome on Mac prior to version 143.0.7499.110
• Also Affects: Microsoft Edge and other Chromium-based browsers
• CWE Classification: CWE-787 (Out-of-bounds Write), CWE-119 (Improper Restriction of Operations within Memory Buffer)
• Attack Complexity: Low - No special conditions required
• Privileges Required: None - Attacker needs no authentication
• User Interaction: Required - Victim must visit malicious page
• Impact: High confidentiality, integrity, and availability impact
• Chromium Issue: Tracked as issue 466192044

Why This Matters So Much

Let me walk you through why CISA moved so quickly on this one. When CISA adds a vulnerability to their KEV catalog, they're essentially saying "we have evidence this is being used in attacks right now." This isn't a drill or a warning about something that might happen—it's a response to active exploitation. The vulnerability affects not just Chrome, but potentially any browser built on Chromium, including Microsoft Edge and Opera. That's a massive attack surface.

The out-of-bounds memory access vulnerability means an attacker can read or write data outside the allocated memory space. In practical terms, this could allow them to execute arbitrary code on your system, steal sensitive information, or crash your browser. The attack vector being "network" with "low" complexity means it's relatively easy for attackers to exploit this remotely, and they're already doing so.

What You Should Do About This

• Right Now (Emergency Actions):
  • Update Chrome immediately: Open Chrome, click the three dots in the upper right, go to Help → About Google Chrome. The browser should automatically check for updates and install version 143.0.7499.110 or later. Don't wait—do this as soon as you finish reading this.
  • Update Microsoft Edge: If you use Edge, go to Settings → About Microsoft Edge and ensure you have the latest security updates installed. Microsoft has released corresponding patches.
  • Restart your browser: After updating, completely close and reopen your browser. Updates don't fully apply until you restart.
  • Check other Chromium browsers: If you use Opera, Brave, Vivaldi, or other Chromium-based browsers, check for and install updates immediately.
• For Organizations (IT/Security Teams):
  • Deploy patches urgently: CISA's KEV catalog inclusion means federal agencies must patch within their required timeframe, but all organizations should treat this as a priority. Use your patch management system to push Chrome updates immediately.
  • Verify patch deployment: Run inventory scans to identify systems still running Chrome versions below 143.0.7499.110 on Mac systems.
  • Monitor for exploitation attempts: Review web proxy logs for unusual patterns, particularly connections to suspicious domains followed by browser crashes or unexpected behavior.
  • Consider temporary mitigations: If immediate patching isn't possible, consider restricting web browsing to essential sites only until patches can be deployed.
• For the Long Term:
  • Enable automatic updates: Make sure Chrome's automatic update feature is enabled so you receive security patches as soon as they're available.
  • Implement browser isolation: Consider using browser isolation technologies that run web content in sandboxed environments separate from your main system.
  • Security awareness: Train users to be cautious about clicking links from unknown sources, especially during periods of active exploitation.
  • Monitor CISA KEV: Regularly check CISA's Known Exploited Vulnerabilities catalog for new additions that might affect your environment.

Detection and Hunting Guidance

For security teams wanting to hunt for potential exploitation in their environment, here's what to look for:

• Browser crash patterns: Look for unusual Chrome crash reports, particularly on Mac systems, especially if they correlate with visits to specific websites.
• Memory corruption indicators: Monitor for browser processes exhibiting abnormal memory usage patterns or unexpected child processes.
• Web proxy analysis: Review logs for connections to newly registered domains or sites with suspicious characteristics, particularly if followed by browser instability.
• Endpoint detection: Configure EDR solutions to alert on Chrome processes exhibiting unusual behavior, such as unexpected network connections or file system access.

Understanding the Broader Context

This vulnerability is part of a concerning trend we've been seeing with browser-based attacks. Browsers have become one of the most attractive targets for attackers because they're the gateway to so much of what we do online. ANGLE, specifically, is an interesting target because it sits at the intersection of web content and graphics processing—a complex area where security bugs can have serious consequences.

The fact that this affects Chrome on Mac is particularly noteworthy. While Windows systems often get more attention in security discussions, Mac users sometimes have a false sense of security. This vulnerability reminds us that no platform is immune, and keeping software updated is critical regardless of your operating system.

MITRE ATT&CK Mapping

For those of you who track threats using the MITRE ATT&CK framework, this vulnerability aligns with several techniques:

• T1189 - Drive-by Compromise: The primary attack vector, where victims are compromised by visiting a malicious website
• T1203 - Exploitation for Client Execution: Exploiting the browser vulnerability to execute code
• T1055 - Process Injection: Potential follow-on technique using the memory corruption vulnerability

Where I Found This Information

• National Vulnerability Database - CVE-2025-14174 (Authoritative technical details)
• CISA Alert - Known Exploited Vulnerability Addition (Credibility: 10)
• CISA KEV Catalog Entry (Credibility: 10)
• Google Chrome Releases Blog - Stable Channel Update
• Chromium Issue Tracker - Issue 466192044
• Microsoft Edge Security Release Notes

Note: This analysis is based on official sources including CISA's Known Exploited Vulnerabilities catalog and the National Vulnerability Database. The active exploitation status makes this a critical priority for patching. Always test updates in a controlled environment when possible, but given the active exploitation, speed is essential here. Stay safe out there, and don't hesitate to reach out to your security team if you have questions.