CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks

CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks

Posted on By CWS

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has added a important zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Identified Exploited Vulnerabilities (KEV) catalog.

Tracked as CVE-2025-14174, the flaw permits distant attackers to set off out-of-bounds reminiscence entry by way of a malicious HTML web page, probably resulting in arbitrary code execution in browsers.

Found and patched simply days in the past, this vulnerability underscores ongoing threats to Chromium-based browsers dominating the net. Attackers might exploit it for drive-by compromises, information theft, or ransomware deployment, although CISA notes no confirmed ransomware ties but. Federal businesses should apply mitigations by January 2, 2026, or discontinue affected merchandise.

CVE-2025-14174 resides in ANGLE, Chromium’s OpenGL ES interface layer, the place improper bounds checking permits reminiscence corruption. A crafted webpage can invoke the flaw throughout rendering, bypassing sandbox protections in some eventualities.

The Nationwide Vulnerability Database (NVD) charges it excessive severity, with early CVSS v3.1 assessments pointing to distant code execution dangers.

CVE IDDescriptionCVSS v3.1 ScoreAffected VersionsPatched VersionsCVE-2025-14174Out-of-bounds reminiscence entry in ANGLE by way of HTML8.8 (Excessive)Chromium < 131.0.6778.200Chrome 131.0.6778.201+Edge 131.0.3139.95+

No public indicators of compromise (IoCs) have surfaced, however menace actors are more likely to chain it to phishing or malvertising.

CISA urges rapid patching per Binding Operational Directive (BOD) 22-01 for federal programs, particularly cloud companies. Organizations ought to scan for unpatched browsers, implement computerized updates, and monitor for anomalous rendering crashes.

Google rolled out Secure Channel fixes on December 10, bumping Chrome to model 131.0.6778.201. Microsoft Edge adopted with 131.0.3139.95, whereas Opera customers ought to examine vendor channels. “Customers are suggested to relaunch browsers post-update,” Google said in its launch notes.

This incident highlights Chromium’s huge assault floor, affecting over 70% of desktop browsers. Safety groups worldwide ought to prioritize remediation amid rising zero-day exploits.

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , ,

Related Posts

Beware of Weaponized MSI Installer Mimic as WhatsApp Delivers Modified XWorm RAT Beware of Weaponized MSI Installer Mimic as WhatsApp Delivers Modified XWorm RAT Cyber Security News
Beware of Weaponized Employee Performance Reports that Deploys Guloader Malware Beware of Weaponized Employee Performance Reports that Deploys Guloader Malware Cyber Security News
Fortinet SSO Vulnerability Actively Exploited to Hack Firewalls and Gain Admin Access Fortinet SSO Vulnerability Actively Exploited to Hack Firewalls and Gain Admin Access Cyber Security News
Windows BitLocker Bypass Vulnerability Let Attackers Bypass Security Feature Windows BitLocker Bypass Vulnerability Let Attackers Bypass Security Feature Cyber Security News
PornHub Breached by ShinyHunters Group and Premium Members Data Stolen PornHub Breached by ShinyHunters Group and Premium Members Data Stolen Cyber Security News
Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data Cyber Security News