⚠ Actively exploited

Added to CISA KEV on 2025-12-12. Federal agencies required to patch by 2026-01-02. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-14174

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow CWE-823 CWE-82531 documents14 sources

Severity

8.8HIGH

EPSS

1.0%

top 22.49%

CISA KEV

KEV

Added 2025-12-12

Due 2026-01-02

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +7 more

Timeline

PublishedDec 12

KEV addedDec 12

KEV dueJan 2

Latest updateApr 1

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages17 packages

▶CVEListV5google/chrome143.0.7499.110 — 143.0.7499.110

▶NVDgoogle/chrome143.0.7499.41 — 143.0.7499.110+2

▶NVDmicrosoft/edge_chromium< 143.0.3650.80

▶CVEListV5apple/tvos< 26.3

▶NVDapple/tvos< 26.2

🔴Vulnerability Details

OSV

CVE-2025-14174: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143↗2025-12-12

▶

CVEList

CVE-2025-14174: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143↗2025-12-12

▶

GHSA

GHSA-9fjm-6w64-76r7: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143↗2025-12-12

▶

VulnCheck

Google Chromium Out of Bounds Memory Access Vulnerability↗2025

▶

📋Vendor Advisories

Apple

CVE-2025-14174: tvOS 26.3↗2026-02-11

▶

Apple

CVE-2025-14174: macOS Tahoe 26.3↗2026-02-11

▶

Apple

CVE-2025-14174: visionOS 26.3↗2026-02-11

▶

Apple

CVE-2025-14174: watchOS 26.3↗2026-02-11

▶

Apple

CVE-2025-14174: iOS 26.3 and iPadOS 26.3↗2026-02-11

▶

🕵️Threat Intelligence

Bleepingcomputer

Apple expands iOS 18 updates to more iPhones to block DarkSword attacks↗2026-04-01

▶

Bleepingcomputer

New DarkSword iOS exploit used in infostealer attack on iPhones↗2026-03-18

▶

Bleepingcomputer

Apple fixes zero-day flaw used in 'extremely sophisticated' attacks↗2026-02-11

▶

Bleepingcomputer

Apple fixes two zero-day flaws exploited in 'sophisticated' attacks↗2025-12-12

▶

Wiz

CVE-2025-14174 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶