CVE-2025-14174
Published: 12 December 2025
Summary
CVE-2025-14174 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 45.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely remediation through patching of the out-of-bounds memory access flaw in Chrome's ANGLE component, as listed in the CISA KEV catalog.
Implements memory protection mechanisms such as ASLR and DEP that mitigate exploitation of the out-of-bounds memory access vulnerability.
Enables vulnerability scanning to identify and remediate the presence of this known exploited Chrome vulnerability on systems.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
This out-of-bounds memory access vulnerability in Chrome's ANGLE graphics component is exploited via a crafted HTML page, enabling remote code execution in a client application (web browser), directly mapping to Exploitation for Client Execution (T1203).
NVD Description
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Deeper analysisAI
CVE-2025-14174 is an out-of-bounds memory access vulnerability in the ANGLE graphics component of Google Chrome on Mac, affecting versions prior to 143.0.7499.110. A remote attacker can trigger this issue via a crafted HTML page, leading to improper memory access. It maps to CWE-787 (Out-of-bounds Write) and CWE-119 (Buffer Overflow), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and Chromium security severity rated as High.
The vulnerability can be exploited by a remote attacker with no privileges required, though it depends on user interaction such as visiting a malicious site. Exploitation enables out-of-bounds memory access, potentially resulting in high-impact compromise of confidentiality, integrity, and availability without scope changes.
Mitigation is available through patching: Google Chrome users on Mac should update to version 143.0.7499.110 or later, as announced in the stable channel update for desktop on the Chrome Releases blog. Related details appear in the Chromium issue tracker at issues.chromium.org/issues/466192044 and Microsoft Edge security release notes. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities Catalog.
This issue has seen real-world exploitation, as indicated by its inclusion in the CISA catalog.
Details
- CWE(s)
- KEV Date Added
- 12 December 2025