CVE-2025-14174

Name of the Vulnerable Software and Affected Versions WebKitGTK versions 2.50.4-0ubuntu0.25.04.1 Google Chrome versions prior to 143.0.7499.110 Microsoft Edge versions prior to 143.0.7499.110 Opera versions prior to 125.0.5729.40 Opera GX versions prior to 125.0.5729.47 Opera Air versions prior to 125.0.5729.39 Safari versions prior to 26.2 WebKit2GTK (affected versions not specified) wpewebkit (affected versions not specified)

Description Multiple security issues were discovered in WebKitGTK, Google Chrome, Microsoft Edge, Opera, and Safari. These issues could allow a remote attacker to exploit a variety of vulnerabilities related to web browser security, including cross-site scripting, denial of service, and arbitrary code execution. A specific out-of-bounds memory access vulnerability (CVE-2025-14174) exists in ANGLE, a graphics library used by Chrome and other Chromium-based browsers. This vulnerability is actively exploited and could allow an attacker to perform out-of-bounds memory access via a crafted HTML page. The vulnerability stems from improper validation of memory boundaries during rendering operations. The vulnerability impacts browsers built on the Chromium open-source project.

Recommendations Update WebKitGTK to version 2.50.4-0ubuntu0.25.04.1. Update Google Chrome to version 143.0.7499.110 or later. Update Microsoft Edge to version 143.0.7499.110 or later. Update Opera to version 125.0.5729.40 or later. Update Opera GX to version 125.0.5729.47 or later. Update Opera Air to version 125.0.5729.39 or later. Update Safari to version 26.2 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability for WebKit2GTK and wpewebkit.