The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Google Chrome that is being actively exploited in the wild.
The flaw, tracked as CVE-2025-14174, poses a significant risk to millions of users across multiple web browsers.
Vulnerability Details
Security researchers discovered an out-of-bounds memory access vulnerability within ANGLE (Almost Native Graphics Layer Engine), a critical component of the Chromium rendering engine.
This flaw enables remote attackers to execute malicious code through specially crafted HTML pages, potentially compromising systems without user interaction.
The vulnerability affects numerous Chromium-based browsers beyond Google Chrome, including Microsoft Edge, Opera, Brave, and other derivatives that rely on the same rendering engine.
The widespread adoption of Chromium makes this vulnerability particularly concerning for both enterprise environments and individual users.
CISA has added CVE-2025-14174 to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to take immediate action.
Organizations must apply available patches or implement vendor-specified mitigations by January 2, 2026, in accordance with the guidance in Binding Operational Directive 22-01.
System administrators and security teams should prioritise updating all Chromium-based browsers to the latest versions immediately.
Google released Chrome version 131.0.6778.264 on December 12, 2025, which addresses this vulnerability.
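To act on the update guidance above, a defender needs to verify the installed build rather than trust that auto-update ran. The following script is an added example, not part of the CISA alert or any vendor tooling: it reads the version string that Chromium-based browsers print with `--version` (assumed Linux binary names) and compares it numerically against the fixed Chrome build named in the text. Only Chrome and Chromium share Google's build numbering; Edge and Brave are listed so their version is reported, with the fixed build left as a placeholder (`None`) to be filled from the vendor's own advisory. The sample version strings in the test are constructed.

```python
import re
import subprocess
from typing import Dict, Optional, Tuple

# Chrome build cited in the alert as addressing CVE-2025-14174.
FIXED_CHROME_VERSION = "131.0.6778.264"

# Assumption: version strings come from `<browser> --version` on Linux.
# Derivatives (Edge, Brave, Opera) number their builds differently, so
# their fixed build must come from the vendor advisory (None = report only).
BROWSERS = {
    "chrome":   (["google-chrome", "--version"], FIXED_CHROME_VERSION),
    "chromium": (["chromium", "--version"], FIXED_CHROME_VERSION),
    "edge":     (["microsoft-edge", "--version"], None),
    "brave":    (["brave-browser", "--version"], None),
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the first four-part Chromium version in text as an int tuple."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_patched(version_text: str, fixed: str = FIXED_CHROME_VERSION) -> Optional[bool]:
    """True if version_text is at or above fixed, False if older, None if unparseable.

    Integer tuples compare element by element; a plain string compare would
    rank 131.0.6778.99 above 131.0.6778.264 and report a vulnerable build as safe.
    """
    v = parse_version(version_text)
    return None if v is None else v >= parse_version(fixed)


def classify(version_text: Optional[str], fixed: Optional[str]) -> str:
    """Map one browser's --version output to a status label."""
    if version_text is None:
        return "not installed"
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    if fixed is None:
        return f"version {'.'.join(map(str, v))}: compare against vendor fixed build"
    return "patched" if v >= parse_version(fixed) else "VULNERABLE: update required"


def audit_outputs(outputs: Dict[str, Optional[str]], browsers=BROWSERS) -> Dict[str, str]:
    """Classify already-captured --version outputs (usable without running browsers)."""
    return {name: classify(outputs.get(name), fixed) for name, (_, fixed) in browsers.items()}


def collect_outputs(browsers=BROWSERS) -> Dict[str, Optional[str]]:
    """Run each browser's --version command; a missing binary yields None."""
    outputs: Dict[str, Optional[str]] = {}
    for name, (cmd, _) in browsers.items():
        try:
            res = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
            outputs[name] = res.stdout.strip() or None
        except (FileNotFoundError, subprocess.TimeoutExpired):
            outputs[name] = None
    return outputs


if __name__ == "__main__":
    for browser, status in audit_outputs(collect_outputs()).items():
        print(f"{browser:9s} {status}")
```

Run it on each endpoint (or feed captured `--version` output from an inventory tool into `audit_outputs`) and treat any "VULNERABLE" or "not installed but present in software inventory" result as a follow-up item; a browser that is installed but not yet restarted since updating will still report the old version, which is exactly the case this check is meant to catch.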
For environments where immediate patching is not feasible, CISA recommends implementing network-level protections, restricting browser execution through application control policies, or temporarily migrating to alternative browsers not based on Chromium until mitigations can be deployed.
Security teams should monitor for suspicious HTML file executions and implement endpoint detection rules to identify potential exploitation attempts.
