Google Releases Security Update for Chrome

Security update addresses one exploited high severity vulnerability and two medium severity vulnerabilities in Google Chrome

Threat ID:: CC-4727
Threat Severity:: Medium
Published:: 11 December 2025 1:08 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses one exploited high severity vulnerability and two medium severity vulnerabilities in Google Chrome

Affected platforms

The following platforms are known to be affected:

Google Chrome for Windows, macOS and Linux

All prior to 143.0.7499.109/.110 for Windows
All prior to 143.0.7499.109/.110 for Mac
All prior to 143.0.7499.109 for Linux

Note: Version 143.0.7499.109 for Linux will be rolling out over the coming days/weeks.

Threat details

Exploitation of vulnerability tracked as CVE-2025-14174

Google is aware that an exploit for CVE-2025-14174 exists in the wild.

Introduction

Google has released security updates for Chrome to address a high severity vulnerability tracked as CVE-2025-14174. The updates also address two medium severity vulnerabilities in Google Chrome

CVE-2025-14174 - Out of bounds memory access - CVSSv3 score: 8.8
CVE-2025-14372 - Use-after-free in Password Manager - CVSSv3 score: 6.1
CVE-2025-14373 - Inappropriate implementation in Toolbar - CVSSv3 score: 4.3

Threat updates

Date	Update
15 Dec 2025	CVE-2025-14174 published Added details for CVE-2025-14174 and replaced instances of Chrome Issue ID 466192044 with CVE-2025-14174.

Remediation advice

Affected organisations are encouraged to review Google's Stable Channel Update for Desktop 10 advisory and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html

CVE Vulnerabilities

Status Published

CVE-2025-14174

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Status Published

CVE-2025-14372

Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Status Published

CVE-2025-14373

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Last edited: 15 December 2025 12:00 pm