CISA Warns of Actively Exploited Chromium Zero-Day Vulnerability (CVE-2025-14174)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical zero-day vulnerability in Google Chromium to its Known Exploited Vulnerabilities (KEV) Catalog on December 12, 2025. This flaw is being actively exploited in the wild.

Details of the Vulnerability

CVE-2025-14174 is an out-of-bounds memory access issue in Google Chromium. It can allow attackers to execute arbitrary code or cause crashes in affected browsers.

Impact and Recommendations

  • Affects all Chromium-based browsers (Google Chrome, Microsoft Edge, Brave, Opera, etc.)
  • Actively exploited in real-world attacks
  • Google fixed it in Chrome version 131.0.6778.264 (released December 12, 2025)
  • Update your browser immediately to protect against exploitation

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks" (CISA)

Read the full CISA advisory here:

https://www.cisa.gov/news-events/alerts/2025/12/12/cisa-adds-one-known-exploited-vulnerability-catalog-0
