CVE-2025-14174

Name of the Vulnerable Software and Affected Versions WebKitGTK versions prior to 2.50.4-0ubuntu0.25.04.1 Google Chrome versions prior to 143.0.7499.110 Microsoft Edge versions prior to 143.0.7499.110 Opera versions prior to 125.0.5729.49 Opera GX versions prior to 125.0.5729.47 Opera Air versions prior to 125.0.5729.39 Opera Neon versions prior to 125.0.5729.40 Apple Safari versions prior to 26.3 Apple iOS versions prior to 26.3 Apple macOS versions prior to 26.3 Apple tvOS versions prior to 26.3 Apple visionOS versions prior to 26.3 Apple watchOS versions prior to 26.3 Vivaldi versions prior to 125.0.5729.49

Description Multiple vulnerabilities were discovered in WebKitGTK and Chromium-based browsers, including Google Chrome, Microsoft Edge, Opera, and Apple Safari. These vulnerabilities allow a remote attacker to potentially execute arbitrary code, cause a denial of service, or perform out-of-bounds memory access via a crafted HTML page. The vulnerabilities stem from issues in the ANGLE graphics engine and improper authorization enforcement. The vulnerability CVE-2025-14174 is actively exploited in the wild. The flaw is related to an out-of-bounds memory access in ANGLE on macOS.

Recommendations Update WebKitGTK to version 2.50.4-0ubuntu0.25.04.1 or later. Update Google Chrome to version 143.0.7499.110 or later. Update Microsoft Edge to version 143.0.7499.110 or later. Update Opera to version 125.0.5729.49 or later. Update Opera GX to version 125.0.5729.47 or later. Update Opera Air to version 125.0.5729.39 or later. Update Opera Neon to version 125.0.5729.40 or later. Update Apple Safari to version 26.3 or later. Update Apple iOS to version 26.3 or later. Update Apple macOS to version 26.3 or later. Update Apple tvOS to version 26.3 or later. Update Apple visionOS to version 26.3 or later. Update Apple watchOS to version 26.3 or later. Update Vivaldi to version 125.0.5729.49 or later.