CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks

Posted on By CWS

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has added a important zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Identified Exploited Vulnerabilities (KEV) catalog.

Tracked as CVE-2025-14174, the flaw permits distant attackers to set off out-of-bounds reminiscence entry by way of a malicious HTML web page, probably resulting in arbitrary code execution in browsers.

Found and patched simply days in the past, this vulnerability underscores ongoing threats to Chromium-based browsers dominating the net. Attackers might exploit it for drive-by compromises, information theft, or ransomware deployment, although CISA notes no confirmed ransomware ties but. Federal businesses should apply mitigations by January 2, 2026, or discontinue affected merchandise.

CVE-2025-14174 resides in ANGLE, Chromium’s OpenGL ES interface layer, the place improper bounds checking permits reminiscence corruption. A crafted webpage can invoke the flaw throughout rendering, bypassing sandbox protections in some eventualities.

The Nationwide Vulnerability Database (NVD) charges it excessive severity, with early CVSS v3.1 assessments pointing to distant code execution dangers.

CVE IDDescriptionCVSS v3.1 ScoreAffected VersionsPatched VersionsCVE-2025-14174Out-of-bounds reminiscence entry in ANGLE by way of HTML8.8 (Excessive)Chromium < 131.0.6778.200Chrome 131.0.6778.201+Edge 131.0.3139.95+

No public indicators of compromise (IoCs) have surfaced, however menace actors are more likely to chain it to phishing or malvertising.

CISA urges rapid patching per Binding Operational Directive (BOD) 22-01 for federal programs, particularly cloud companies. Organizations ought to scan for unpatched browsers, implement computerized updates, and monitor for anomalous rendering crashes.

Google rolled out Secure Channel fixes on December 10, bumping Chrome to model 131.0.6778.201. Microsoft Edge adopted with 131.0.3139.95, whereas Opera customers ought to examine vendor channels. “Customers are suggested to relaunch browsers post-update,” Google said in its launch notes.

This incident highlights Chromium’s huge assault floor, affecting over 70% of desktop browsers. Safety groups worldwide ought to prioritize remediation amid rising zero-day exploits.

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , ,

Related Posts

Top 10 Best Supply Chain Risk Management Solutions in 2025 Cyber Security News
Critical pgAdmin Vulnerability Let Attackers Execute Shell Commands on the Host Cyber Security News
SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely Cyber Security News
First AI-Powered Malware LAMEHUG Attacking Organizations With Compromised Official Email Account Cyber Security News
ESPHome Web Server Authentication Bypass Vulnerability Exposes Smart Devices Cyber Security News
Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’ Cyber Security News