CVE-2025-14174 is an out-of-bounds memory access vulnerability in Google Chrome that requires user interaction with a crafted HTML page. While actively exploited and in CISA KEV, it affects client-side browser software, not internet-facing servers.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: USER_INTERACTION
CVE Published: 2025-12-12
Added to CISA KEV: 2025-12-12 0 DAY BETWEEN CVE AND KEV
Impact. Attackers could potentially execute arbitrary code by crafting malicious web content. The vulnerability has been reported as being used in an extremely sophisticated targeted attack against specific individuals on versions of iOS before iOS 26. This suggests a high-risk, precision-targeted exploitation method. Exploitation. There is no evidence that a public proof-of-concept exists. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list.
CVE-2025-14174 This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and ...
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-0282. Ivanti Connect Secure Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA urges organizations to apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.