Chromium ZeroDay Vulnerability - 20251215001
Overview
Google has released a security update to address a zero-day vulnerability: an out-of-bounds memory access in ANGLE in Google Chrome. If successfully exploited, it could allow a remote attacker to perform out-of-bounds memory access via a crafted HTML page.
This vulnerability affects all Chromium-based browsers, including, but not limited to, Google Chrome, Microsoft Edge, Opera, Brave and Vivaldi.
What is vulnerable?
| Products Affected | CVE | CVSS | Severity |
|---|---|---|---|
| Chromium-based Browsers: Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi | CVE-2025-14174 | 8.8 | High |
What has been observed?
Google is aware of exploitation in the wild for one or more of the above-mentioned vulnerabilities. CISA has added the vulnerability to their Known Exploited Vulnerabilities catalogue. The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):
- Google: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html
- Microsoft: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Additional References
- CISA Known Exploited Vulnerabilities: https://www.cisa.gov/news-events/alerts/2025/12/12/cisa-adds-one-known-exploited-vulnerability-catalog-0