CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks

Posted on By CWS

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has added a important zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Identified Exploited Vulnerabilities (KEV) catalog.

Tracked as CVE-2025-14174, the flaw permits distant attackers to set off out-of-bounds reminiscence entry by way of a malicious HTML web page, probably resulting in arbitrary code execution in browsers.

Found and patched simply days in the past, this vulnerability underscores ongoing threats to Chromium-based browsers dominating the net. Attackers might exploit it for drive-by compromises, information theft, or ransomware deployment, although CISA notes no confirmed ransomware ties but. Federal businesses should apply mitigations by January 2, 2026, or discontinue affected merchandise.

CVE-2025-14174 resides in ANGLE, Chromium’s OpenGL ES interface layer, the place improper bounds checking permits reminiscence corruption. A crafted webpage can invoke the flaw throughout rendering, bypassing sandbox protections in some eventualities.

The Nationwide Vulnerability Database (NVD) charges it excessive severity, with early CVSS v3.1 assessments pointing to distant code execution dangers.

CVE IDDescriptionCVSS v3.1 ScoreAffected VersionsPatched VersionsCVE-2025-14174Out-of-bounds reminiscence entry in ANGLE by way of HTML8.8 (Excessive)Chromium < 131.0.6778.200Chrome 131.0.6778.201+Edge 131.0.3139.95+

No public indicators of compromise (IoCs) have surfaced, however menace actors are more likely to chain it to phishing or malvertising.

CISA urges rapid patching per Binding Operational Directive (BOD) 22-01 for federal programs, particularly cloud companies. Organizations ought to scan for unpatched browsers, implement computerized updates, and monitor for anomalous rendering crashes.

Google rolled out Secure Channel fixes on December 10, bumping Chrome to model 131.0.6778.201. Microsoft Edge adopted with 131.0.3139.95, whereas Opera customers ought to examine vendor channels. “Customers are suggested to relaunch browsers post-update,” Google said in its launch notes.

This incident highlights Chromium’s huge assault floor, affecting over 70% of desktop browsers. Safety groups worldwide ought to prioritize remediation amid rising zero-day exploits.

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , ,

Related Posts

RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers Cyber Security News
Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure Cyber Security News
5 Immediate Steps to be Followed After Clicking on a Malicious Link Cyber Security News
Critical Android 0-Click Vulnerability in System Component Allows RCE Attacks Cyber Security News
Multiple Django Vulnerabilities Enables SQL Injection and Denial-of-Service Attacks Cyber Security News
Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins Cyber Security News