VDB
DEBIAN-CVE-2025-14174
DEBIAN-CVE-2025-14174
PUBLISHED
CVSS 8.800000190734863 HIGH
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | webkit2gtk | 2.40.1-1, 2.50.1-1~deb11u1, 2.50.1-1 |
| Debian:12 | wpewebkit | 0, 2.38.6-1, 2.40.0-1 |
| Debian:11 | webkit2gtk | 2.38.5-1, 2.41.90-1, 2.41.91-1 |
| Debian:13 | webkit2gtk | 2.48.5-1, 0, 2.48.3-1 |
| Debian:11 | wpewebkit | 2.36.0-2, 2.38.5-1, 2.38.4-1~deb11u1 |
| Debian:14 | wpewebkit | 2.50.2-1, 2.48.6-2, 2.50.3-1 |
| Debian:14 | webkit2gtk | *, 2.50.3-1, 2.48.5-1 |
| Debian:13 | wpewebkit | 2.50.5-1, 2.50.4-1, 2.50.3-1 |
Exploit Intelligence
- George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day (github-poc-repo)
- 🔍 Analyze WebKit and ANGLE vulnerabilities with this repository for CVE-2025-43529 and CVE-2025-14174, focusing on verified components and ongoing efforts. (github-poc-repo)
- Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari (github-poc-repo)
- George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day (github-poc)
- Analysis and PoC for CVE-2025-14174 - ANGLE Metal OOB write (iOS Safari, macOS Chrome) (github-poc)
- Proof-of-Concept exploit for CVE-2025-14174 (EUVD-2025-203113) - Memory corruption in ANGLE allowing out-of-bounds access and RCE in web browsers. Reliable on iOS/Android/Windows, including patched systems with incomplete fixes. (github-poc)
- macos_v2_generated.go (github-poc)
- ios_v1_generated.go (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
…and 12 more exploits
Timeline
- Dec 12, 2025 CVE Published
- Apr 28, 2026 CVE Updated