CVE-2025-14174HIGH 8.8CISA KEVEPSS p97.4%

CVE-2025-14174Google Chromium Out of Bounds Memory Access Vulnerability

Google / Chromium

Description

Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS22.22% probability of exploitation · percentile 97.4% · 2026-06-18T12:00:27Z
Published2025-12-12
Last modified2025-12-15

CISA KEV entry

Added to KEV: 2025-12-12

Underlying weaknesses· 2

CWE-787CWE-119

References

  1. https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html
  2. https://issues.chromium.org/issues/466192044
  3. https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174

2

TypeTargetConfidenceTier
WeaknessImproper Restriction of Operations within the Bounds of a Memory Buffercwe-1190%live
WeaknessOut-of-bounds Writecwe-7870%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryGoogle Chromium Out of Bounds Memory Access Vulnerabilitykev-cve-2025-141740%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
CVE
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
CVE
CVE-2025-8901
CVE
Google Chromium V8 Out-of-Bounds Write Vulnerability
CVE
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
CVE
CVE-2026-11191
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.