Coordinated Disclosure of Zero-Day Exploited in Chrome ANGLE and Apple WebKit
Google and Apple have both released emergency security updates to address a high-severity zero-day vulnerability, tracked as CVE-2025-14174, which was actively exploited in the wild. The flaw, an out-of-bounds memory access issue in the ANGLE graphics component, affected Google Chrome and was also present in Apple’s WebKit engine, impacting multiple Apple devices including iPhones, iPads, Macs, and other platforms. Google initially limited technical details but confirmed exploitation, prompting urgent updates for Chrome users, while Apple’s advisory highlighted that the attacks were highly sophisticated and targeted specific individuals running older iOS versions.
The vulnerability was discovered by Google’s Threat Analysis Group and addressed through coordinated disclosure between Google and Apple. Apple patched the flaw across iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari, while Google updated Chrome to mitigate the risk. Both companies have withheld detailed attack information, but the exploitation pattern suggests use in targeted spyware campaigns. Users and organizations are strongly advised to update affected devices immediately to reduce exposure to ongoing attacks leveraging this zero-day.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Apple documents macOS Tahoe 26.2 security fixes
On 2025-12-17, Apple published security content for macOS Tahoe 26.2, formally documenting fixes for vulnerabilities addressed in its December security updates. This reflected Apple's broader rollout of patches for the exploited WebKit issues across supported product lines.
WebKitGTK and WPE WebKit publish advisory for related exploited flaws
On 2025-12-17, the WebKitGTK and WPE WebKit projects published security advisory WSA-2025-0010 covering multiple vulnerabilities fixed before version 2.50.4, including CVE-2025-14174 and CVE-2025-43529. The advisory linked both flaws to sophisticated attacks targeting specific individuals and recommended immediate updates.
CISA adds Apple WebKit zero-days to the KEV catalog
By 2025-12-15, CISA had added CVE-2025-14174 and CVE-2025-43529 to its Known Exploited Vulnerabilities catalog following Apple's advisory. The listing elevated urgency for defenders and prompted government and security agencies to push immediate patching guidance.
Apple issues emergency updates for two exploited WebKit zero-days
On 2025-12-12, Apple released security updates across iOS, iPadOS, macOS, Safari, and other platforms to fix CVE-2025-43529 and CVE-2025-14174. Apple said the flaws were exploited in highly sophisticated, targeted attacks against specific individuals, with discovery attributed to Google's Threat Analysis Group and Apple security teams.
Google releases Chrome update fixing exploited ANGLE zero-day
On 2025-12-10, Google released Chrome 143.0.7499.109 or later to fix three vulnerabilities, including an actively exploited high-severity zero-day in the ANGLE graphics component's Metal renderer. Google limited technical details because the flaw was being exploited in the wild, and noted that other Chromium-based browsers could also be affected until patched.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
10 references tracked. Mallory keeps watching after this page renders.
Updating your iPhone to iOS 26.2? Here are 5 reasons I wouldn't think twice about it
zdnet.com
Open sourceWebKitGTK and WPE WebKit Security Advisory WSA-2025-0010
seclists.org
Open sourceAbout the security content of macOS Tahoe 26.2
support.apple.com
Open sourceCVE-2025-43529 & CVE-2025-14174: Apple and Google’s Zero-Day Patches
socradar.io
Open sourceApple fixes two Webkit Vulnerabilities
thecyberthrone.in
Open sourceCISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks
cybersecuritynews.com
Open sourceGoogle Chrome Zero-Day Actively Exploited via ANGLE Graphics Component
socradar.io
Open sourceApple fixes two zero-day flaws exploited in 'sophisticated' attacks
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Emergency 0-Day Patches Issued by Apple and Google for Actively Exploited Vulnerabilities
Apple and Google have released emergency security updates to address zero-day vulnerabilities that were actively exploited in sophisticated attacks targeting users of their platforms. Apple issued patches across its ecosystem—including iPhones, iPads, and Macs—to fix two WebKit bugs, warning that these flaws had been abused in highly targeted attacks against specific individuals. Google, in parallel, released a Chrome Stable channel update to address multiple security flaws, including CVE-2025-14174, an out-of-bounds memory access vulnerability that was already being exploited in the wild. Both companies provided limited technical details but confirmed that the vulnerabilities were under active attack and that coordinated investigation revealed overlap in their findings, with Apple's security team and Google's Threat Analysis Group credited for discovery. Security researchers have noted that these vulnerabilities could be weaponized by commercial spyware vendors, and there is evidence suggesting that the flaws were exploited before patches were available. The urgency of the situation has led to widespread advisories urging users to update their devices immediately to mitigate the risk of compromise. The lack of detailed disclosure from both Apple and Google underscores the sensitive nature of the attacks and the ongoing threat posed by sophisticated adversaries targeting mainstream software platforms used by billions worldwide.
Mar 21, 2026
Emergency Patches for Apple and Google Zero-Day Exploits in Targeted Attacks
Apple and Google released emergency security updates after discovering that zero-day vulnerabilities in their software were being actively exploited in highly targeted attacks. The campaign, attributed to nation-state actors and commercial spyware vendors, focused on high-value individuals rather than the general public. Apple addressed two critical WebKit vulnerabilities, CVE-2025-14174 and CVE-2025-43529, which were exploited in sophisticated attacks against iPhones, iPads, and Macs running iOS versions prior to 26. Google also patched a Chrome vulnerability discovered in collaboration with Apple’s security team and Google’s Threat Analysis Group, indicating a coordinated response to a broader espionage campaign. The Apple updates, released as iOS 26.2 and iPadOS 26.2, fixed the WebKit flaws that allowed arbitrary code execution and memory corruption through malicious web content. These vulnerabilities affected iPhone 11 and later models, as well as several iPad variants. In addition to the WebKit issues, Apple resolved over 30 other vulnerabilities across various components, including the Kernel and Screen Time. Both companies withheld detailed technical information, suggesting ongoing investigations into the attacks. The rapid deployment of these patches underscores the severity and sophistication of the threat, with both Apple and Google urging users to update their devices immediately.
Mar 21, 2026
Apple Patches Actively Exploited dyld Zero-Day in iOS and Other Platforms
Apple released security updates to address an **actively exploited zero-day** tracked as **CVE-2026-20700**, warning it may have been used in an “extremely sophisticated” attack targeting specific individuals on versions of iOS prior to *iOS 26*. The flaw affects **`dyld` (Apple’s dynamic linker)** and can allow **arbitrary code execution** when an attacker already has **memory write** capability; reporting attributes discovery to **Google’s Threat Analysis Group** and notes it may have been used as part of an exploit chain. Apple shipped fixes across its ecosystem, including *iOS 26.3*, *iPadOS 26.3*, *macOS Tahoe 26.3*, *watchOS 26.3*, *tvOS 26.3*, and *visionOS 26.3*. The same reporting indicates Apple also issued patches tied to the broader report for **CVE-2025-14174** (an out-of-bounds memory access issue in Chrome’s **ANGLE** graphics component on Mac) and **CVE-2025-43529** (a **use-after-free** leading to code execution), and commentary from security practitioners emphasized that enterprise risk is driven by **patch deployment speed**—particularly where updates rely on end users rather than enforced device management.
Mar 21, 2026