CVE-2025-14174

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 143.0.7499.110 Microsoft Edge (Chromium-based) versions prior to 143.0.7499.110 Apple Safari (affected versions not specified) Apple iOS, iPadOS, and macOS versions (affected versions not specified) Apple tvOS and watchOS versions (affected versions not specified) Vivaldi versions prior to 125.0.5729.49 Opera versions prior to 125.0.5729.49 Opera GX versions prior to 125.0.5729.47 Opera Air versions prior to 125.0.5729.39 Opera Neon versions prior to 125.0.5729.40 webkit2gtk versions (affected versions not specified) webkit2gtk3 versions (affected versions not specified) wpewebkit versions (affected versions not specified) SberLinux versions (affected versions not specified) Debian webkit2gtk versions (affected versions not specified)

Description A high-severity out-of-bounds memory access issue exists in the ANGLE graphics engine, impacting multiple browsers including Google Chrome, Microsoft Edge, Safari, and others based on Chromium. This flaw allows a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. The vulnerability has been actively exploited in the wild. The issue stems from improper authorization enforcement, where the application validates requests but fails to consistently verify user permissions. The vulnerability was initially reported by Apple SEAR and Google TAG. It is a memory corruption issue that can lead to remote code execution. The vulnerability is related to a race condition that was addressed by improving state handling.

Recommendations Google Chrome versions prior to 143.0.7499.110: Update to version 143.0.7499.110 or later. Microsoft Edge (Chromium-based) versions prior to 143.0.7499.110: Update to version 143.0.7499.110 or later. Apple Safari (affected versions not specified): Update to the latest available version. Apple iOS, iPadOS, and macOS versions (affected versions not specified): Update to the latest available version. Apple tvOS and watchOS versions (affected versions not specified): Update to the latest available version. Vivaldi versions prior to 125.0.5729.49: Update to version 125.0.5729.49 or later. Opera versions prior to 125.0.5729.49: Update to version 125.0.5729.49 or later. Opera GX versions prior to 125.0.5729.47: Update to version 125.0.5729.47 or later. Opera Air versions prior to 125.0.5729.39: Update to version 125.0.5729.39 or later. Opera Neon versions prior to 125.0.5729.40: Update to version 125.0.5729.40 or later. webkit2gtk versions (affected versions not specified): Update to the latest available version. webkit2gtk3 versions (affected versions not specified): Update to the latest available version. wpewebkit versions (affected versions not specified): Update to the latest available version. SberLinux versions (affected versions not specified): Update to the latest available version. Debian webkit2gtk versions (affected versions not specified): Update to the latest available version.