Threat Advisories:
From Advisory to Attack in Under 10 Hours: Marimo’s Critical RCE Flaw Handala Claims Destructive Wiper Attack on GCC Nation’s Critical Infrastructure Active Exploitation of Critical Adobe Prototype Pollution Flaw Masjesu: Exploit-Driven Botnet with Stealth, Scale, and Staying Power UAT-10362 Deploys LucidRook Malware Against Taiwanese NGOs Pawn Storm’s Dual Zero-Day Exploit Unleashed Important according to Google magic Iranian-Affiliated CyberAv3ngers Exploits Internet-Exposed PLCs in U.S. APT28 Exploits SOHO Routers for Large-Scale DNS Hijacking and Credential Theft Spraying for Access: Iran-Aligned Actors Turn Weak Credentials into Intelligence TrueConf Zero-Day Abused in Operation TrueChaos to Weaponize Software Updates Fortinet EMS Left Defenseless by CVE-2026-35616 Axios npm Supply Chain Attack: What You Need to Know CVE-2026-5281: Chrome Dawn Flaw Sparks In-the-Wild Zero-Day Attacks CVE-2026-3055: Silent Memory Leak in NetScaler Actively Exploited Tracking Beast: Tools, Techniques, and Tradecraft in RaaS Operations FAUX#ELEVATE: Obfuscated VBS Campaign Targeting Enterprise HR System TeamPCP’s Automated Supply Chain: From Trivy to LiteLLM in a Multi-Ecosystem Breach Iranian MOIS Leverages Telegram-Based C2 in Espionage Campaign Targeting Dissidents MuddyWater: Iran’s Adaptive Cyber Espionage Machine March 2026 Linux Patch Roundup
New Report Critical Threat Research : The Iranian Cyber War Intensifies! Download the Report
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them. Powered by:
IntegrationsOut of box integrations available with a comprehensive set of Security and IT operations tools in your organisation.
HiveForce LabsThe in-house intelligence that enables customers to identify and address immediate cyber risks and potential threats with precision, clear insights, and swift action.
Hive Pro’s ComparisonSave Cost , Reduce Complexity and Increase Security by Augmenting and Replacing your existing Vulnerability Management platform
Hive Pro vs Rapid7
Hive Pro vs Tenable
Hive Pro vs Qualys
Hive Pro vs Nucleus Security
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Learning Center
Podcasts
Threat Advisories
Threat Digests
Blog
Whitepapers
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Whitepapers
Press Releases
connect
Webinars & Videos
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoFree Iranian Exposure Assessment
Platform
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them. Powered by:
IntegrationsOut of box integrations available with a comprehensive set of Security and IT operations tools in your organisation.
HiveForce LabsThe in-house intelligence that enables customers to identify and address immediate cyber risks and potential threats with precision, clear insights, and swift action.
Hive Pro’s Comparison
Hive Pro vs Rapid7
Hive Pro vs Tenable
Hive Pro vs Qualys
Hive Pro vs Nucleus Security
Solutions
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Resources
Learning Center
Podcasts
Threat Advisories
Threat Digests
Blog
Whitepapers
Resources
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Whitepapers
Press Releases
connect
Webinars & Videos
Company
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoFree Iranian Exposure Assessment

Google Chrome Zero-Day Exploited in ANGLE Graphics Engine

Red | Vulnerability Report
Download PDF

Summary

Google released an emergency Chrome security update on December 10, 2025, addressing three critical vulnerabilities including a high-severity zero-day vulnerability (CVE-2025-14174) actively exploited in the wild. The Chrome zero-day flaw represents a buffer overflow vulnerability in the ANGLE graphics engine, specifically affecting the Metal renderer used on Apple platforms, stemming from improper buffer size calculations that enable memory corruption, browser crashes, and potentially arbitrary code execution. This marks Google Chrome’s eighth zero-day patch of 2025, highlighting persistent targeting of browser graphics components by threat actors. The ANGLE graphics engine vulnerability poses significant security risks because it processes untrusted graphics content from web pages, potentially enabling drive-by attacks through crafted input like WebGL exploits. Google has confirmed active in-the-wild exploitation of the Chrome vulnerability but withheld full technical details under responsible disclosure coordination with browser vendors. Given ANGLE’s cross-platform use in Chromium-based browsers, organizations face elevated exposure until Chrome security patches propagate across browser forks like Microsoft Edge and Brave. Alongside the zero-day, Google patched two medium-severity Chrome vulnerabilities: CVE-2025-14372, a use-after-free in Password Manager enabling memory corruption, and CVE-2025-14373, an inappropriate implementation in Toolbar enabling UI manipulation for phishing attacks. Both vulnerabilities were responsibly disclosed in November 2025 with bug bounty rewards. Chrome users and organizations must immediately update to versions 143.0.7499.109 (Linux) and 143.0.7499.109/.110 (Windows/macOS) across all platforms to mitigate active threats.

Vulnerability Details

Emergency Chrome Security Update and Zero-Day Discovery

Google released an emergency Chrome security update on December 10, 2025, for Chrome versions 143.0.7499.109/.110, addressing three vulnerabilities including a high-severity zero-day (CVE-2025-14174) actively exploited in the wild. The critical Chrome vulnerability is a buffer overflow in Chrome’s ANGLE graphics engine, specifically in the Metal renderer used on Apple platforms, stemming from improper buffer size calculations that can lead to memory corruption, browser crashes, or potentially arbitrary code execution. This marks Chrome’s eighth zero-day patch of 2025, highlighting persistent threat actor targeting of browser graphics components across the Chromium ecosystem.

ANGLE Graphics Engine Exploitation Risk

The Chrome zero-day poses significant security risk because ANGLE processes untrusted graphics content from web pages, potentially enabling drive-by attacks via crafted input like WebGL exploits, though exact exploitation chains remain undisclosed by Google security researchers. Google has confirmed active in-the-wild exploitation of CVE-2025-14174 but withheld full technical details under coordination with browser vendors, restricting access in the Chromium issue tracker. Given ANGLE’s cross-platform use in Chromium-based browsers including Microsoft Edge, Brave, and Opera, organizations face elevated Chrome vulnerability exposure until security patches propagate across all browser forks.

Additional Medium-Severity Chrome Vulnerabilities

Alongside the Chrome zero-day, Google patched two medium-severity issues in the December 2025 emergency update: CVE-2025-14372, a use-after-free vulnerability in Chrome Password Manager that may allow memory corruption under precise exploitation conditions, and CVE-2025-14373, an inappropriate implementation vulnerability in Chrome Toolbar that could enable user interface manipulation for phishing attacks or spoofing legitimate websites. Both Chrome vulnerabilities were responsibly disclosed in November 2025 through Google’s Vulnerability Reward Program and awarded bug bounties to security researchers. These Chrome security fixes underscore the critical need for immediate browser updates on Windows, macOS, and Linux platforms to mitigate active threats across the browser ecosystem and protect users from ANGLE graphics engine exploitation.

Recommendations

Immediate Chrome Patch Deployment

Organizations must immediately update Google Chrome to versions 143.0.7499.109 (Linux) and 143.0.7499.109/.110 (Windows/macOS), pushing the Chrome security update through enterprise management tools and Group Policy deployment mechanisms. Confirm successful Chrome installation in the “About Chrome” settings menu and ensure compliance verification across all managed devices to protect against the ANGLE zero-day vulnerability.

Browser Restart Enforcement

The Chrome security patch only activates after complete browser restarts, so organizations must enforce or prompt full browser restart procedures on all endpoints to ensure users have relaunched Chrome application to load patched binaries and fully mitigate the zero-day vulnerability. Implement automated restart reminders and compliance checking to verify that Chrome updates have been properly applied across the enterprise.

Interim Mitigation for Delayed Patching

If Chrome patching is delayed due to change management procedures, organizations should disable WebGL functionality or hardware acceleration to break the ANGLE exploit path, understanding this interim mitigation may affect graphics performance for web applications. Apply JavaScript content restrictions in high-security environments to reduce exposure to malicious web content that could deliver Chrome zero-day exploit triggers through drive-by attacks.

Security Monitoring and Incident Response

Organizations must actively monitor for GPU process crashes, unexpected Chrome browser instability, or memory corruption indicators that may signal ANGLE vulnerability exploitation attempts. Investigate anomalies promptly using endpoint detection and response tools, escalate suspicious activity to security operations teams if Chrome exploitation is detected, and maintain detailed logs of browser behavior for forensic analysis of potential zero-day attacks targeting the ANGLE graphics engine.

MITRE ATT&CK TTPs

TA0042 – Resource Development

  • T1588: Obtain Capabilities
  • T1588.005: Exploits
  • T1588.006: Vulnerabilities

TA0001 – Initial Access

  • T1189: Drive-by Compromise
  • T1190: Exploit Public-Facing Application

TA0002 – Execution

  • T1059: Command and Scripting Interpreter
  • T1059.007: JavaScript
  • T1203: Exploitation for Client Execution

TA0004 – Privilege Escalation

  • T1068: Exploitation for Privilege Escalation

TA0005 – Defense Evasion

  • T1211: Exploitation for Defense Evasion

TA0006 – Credential Access

  • T1555: Credentials from Password Stores
  • T1555.003: Credentials from Web Browsers

References

https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html https://issues.chromium.org/issues/466192044 https://www.google.com/intl/en/chrome/?standalone=1

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox