Out of Bounds Memory Access in Google Chrome for Mac
CVE-2025-14174
What is CVE-2025-14174?
CVE-2025-14174 is a high-severity vulnerability affecting Google Chrome for Mac, specifically in the ANGLE component. This issue arises from out-of-bounds memory access, which can be triggered when a user interacts with a specially crafted HTML page. Google Chrome, a widely used web browser, serves as a platform for accessing web applications and content. The vulnerability poses a serious risk as it potentially allows remote attackers to manipulate memory beyond intended boundaries, which could lead to unauthorized access, data corruption, or even full system compromise.
Given the popularity of Google Chrome, the impact of this vulnerability is significant, as it can affect numerous organizations relying on the browser for business operations, online transactions, or sensitive communications. If exploited, CVE-2025-14174 can result in severe disruptions, exposing critical data and enabling further exploitation of connected systems.
Potential Impact of CVE-2025-14174
- Data Breaches: Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including personal data, financial records, or proprietary business information, greatly compromising organizational security.
- System Compromise: Attackers may gain the ability to execute arbitrary code on affected systems, enabling them to take control of the compromised environment. This can facilitate further attacks within the organization, such as lateral movement or installation of malware.
- Reputation Damage: Successful exploitation of this vulnerability could result in public disclosures of data breaches, leading to reputational harm and eroded trust from clients and stakeholders, which may have lasting implications for the organization’s operations and market position.
CISA has reported CVE-2025-14174
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-14174 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome 143.0.7499.110
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved