Overview
- Apple released updates across iPhone, iPad, Mac, tvOS, watchOS, visionOS and Safari to fix two WebKit bugs tracked as CVE-2025-14174 and CVE-2025-43529.
- Google shipped a Chrome Stable fix for CVE-2025-14174, an out‑of‑bounds memory access in ANGLE, and acknowledged awareness of an exploit in the wild.
- Apple SEAR and Google TAG reported CVE-2025-14174 on December 5, and Apple says the activity may involve an extremely sophisticated attack against specific targeted individuals.
- Microsoft patched the flaw in Chromium-based Edge on December 11, and CISA added CVE-2025-14174 to its Known Exploited Vulnerabilities catalog on December 12.
- Apple’s notes indicate the bugs can cause memory corruption or allow code execution, with evidence suggesting they could be triggered by a crafted web page.