Apple Safari
Recent Apple Safari Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 127121 | Safari 26.5 - Apple Security Content | May 13, 2026 |
| 126800 | Safari 26.4 - Apple Security Content | March 24, 2026 |
| 126354 | Safari 26.3 - Apple Security Content | February 11, 2026 |
| 125892 | Safari 26.2 - Apple Security Content | December 12, 2025 |
| 125640 | Safari 26.1 - Apple Security Content | November 3, 2025 |
| 125113 | Safari 26 - Apple Security Content | September 15, 2025 |
| 124152 | Safari 18.6 - Apple Security Content | July 30, 2025 |
| 122719 | Safari 18.5 - Apple Security Content | May 12, 2025 |
| 122379 | Safari 18.4 - Apple Security Content | March 31, 2025 |
| 122285 | Safari 18.3.1 - Apple Security Content | March 11, 2025 |
Known Exploited Apple Safari Vulnerabilities
The following Apple Safari vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple Safari Webkit Browser Engine Buffer Overflow Vulnerability | Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30665 Exploit Probability: 0.6% | November 3, 2021 |
| Apple Safari Webkit Browser Engine Integer Overflow Vulnerability | Integer overflow. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30663 Exploit Probability: 1.2% | November 3, 2021 |
By the Year
In 2026 there have been 40 vulnerabilities in Apple Safari with an average score of 6.1 out of ten. Last year, in 2025, Safari had 102 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Safari in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.45.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 40 | 6.14 |
| 2025 | 102 | 6.59 |
| 2024 | 61 | 6.71 |
| 2023 | 44 | 7.92 |
| 2022 | 42 | 7.84 |
| 2021 | 35 | 7.75 |
| 2020 | 74 | 7.15 |
| 2019 | 166 | 8.02 |
| 2018 | 41 | 8.11 |
It may take a day or so for new Safari vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple Safari Security Vulnerabilities
Apple iOS Updated 18.7.9 Prevents Crash from Malicious Web Content
CVE-2026-28917
4.3 - Medium
- May 11, 2026
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
Apple WebKit Memory Crash via Crafted Web Content - fixed in 26.5
CVE-2026-28901
4.3 - Medium
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
UAF in Safari WebKit on macOS before 26.5 (fixed 26.5)
CVE-2026-28946
6.5 - Medium
- May 11, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
CSP bypass in Apple OS 26.5 (iOS, iPadOS, macOS, tvOS, visionOS, watchOS)
CVE-2026-28907
8.1 - High
- May 11, 2026
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Output Sanitization
Apple iOS/macOS iPadOS visionOS iframe download settings flaw before 26.5
CVE-2026-28971
4.3 - Medium
- May 11, 2026
The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website's download settings.
Clickjacking
Apple Safari: UAF Crash Vulnerability Fixed in 26.5
CVE-2026-28947
8.8 - High
- May 11, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple Safari 26.5 Crash via Malicious Web Content
CVE-2026-43658
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Buffer Overflow
WebKit Crash via WebContent (iOS/iPadOS <26.5, macOS/tvOS/visionOS <26.5)
CVE-2026-28905
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple OS 26.5: Unexpected Process Crash via Malicious Web Content (Fix)
CVE-2026-28913
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple OS 26.5 Memory Handling Crash on Malicious Web Content
CVE-2026-28944
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple iOS/macOS 26.5 Use-After-Free in Web Rendering
CVE-2026-28883
7.5 - High
- May 11, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
Apple WebKit CSP Bypass before 26.5 (iOS 18.7.9, macOS 26.5)
CVE-2026-43660
7.5 - High
- May 11, 2026
A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Protection Mechanism Failure
Apple iOS Memory Crash CVE-2026-28953 Fixed in 18.7.9
CVE-2026-28953
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple WebKit MemCorrupt Crash (CVE-2026-28904) fixed iOS 18.7.9+
CVE-2026-28904
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple OS 26.5 Data Exposure via Improper Protection
CVE-2026-28958
5.5 - Medium
- May 11, 2026
This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
Information Disclosure
Apple iOS AccessRestriction CVE-2026-28962 Fixed 18.7.9/26.5
CVE-2026-28962
7.5 - High
- May 11, 2026
This issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information.
Information Disclosure
Apple iOS/iPadOS macOS Memory Crash CVE-2026-28903
CVE-2026-28903
6.5 - Medium
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Safari UAF bug fixed in 26.5 via improved memory mgmt
CVE-2026-28942
6.5 - Medium
- May 11, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple iOS/macOS/tvOS Memory Crash CVE-2026-28902
CVE-2026-28902
6.5 - Medium
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple iOS memory crash via malicious web content, fixed iOS 18.7.9/26.5
CVE-2026-28847
6.5 - Medium
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple iOS/OS WebKit Crash via Malicious Web Content CVE-2026-28955
CVE-2026-28955
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple Safari/OS 26.4: State Mgmt Auth Flaw Allows User Fingerprinting
CVE-2026-20691
4.3 - Medium
- March 25, 2026
An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Apple Safari & OS 26.4 Crash due to Memory Handling Exploit
CVE-2026-20664
4.3 - Medium
- March 25, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
Memory Corruption
Apple Safari 26.3: CSP Bypass via State Management Flaw
CVE-2026-20665
6.5 - Medium
- March 25, 2026
This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Protection Mechanism Failure
Apple Safari 26.4: Sandbox Escape via Memory Handling
CVE-2026-28859
4.3 - Medium
- March 25, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.
Dangling pointer
Apple Safari 26.4: State Mgmt Logic Leak Allows Cross-Origin Script Handler
CVE-2026-28861
4.3 - Medium
- March 25, 2026
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.
XSS
Safari & OS memory handling flaw triggers process crash with malicious web content
CVE-2026-28857
6.5 - Medium
- March 25, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
Out-of-bounds Read
Apple Safari XSS from Logic Issue (fixed 26.4)
CVE-2026-28871
4.3 - Medium
- March 25, 2026
A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.
XSS
Cross-Origin Navigation API Bypass (iOS/macOS) Fixed in 26.3.1/2
CVE-2026-20643
5.4 - Medium
- March 17, 2026
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.
Improper Input Validation
Safari Memory Corruption (CVE-2023-43010) in iOS/macOS <17.2 Fixed
CVE-2023-43010
8.8 - High
- March 12, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
Apple Safari 26.3 WebKit crash via memory handling flaw
CVE-2026-20644
6.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Safari DoS via Improper Memory Handling (pre-26.3)
CVE-2026-20652
7.5 - High
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.
Resource Exhaustion
Safari Crash via Malicious Web Content Fixed in 26.3
CVE-2026-20608
5.5 - Medium
- February 11, 2026
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Allocation of Resources Without Limits or Throttling
Safari memory handling crash (CVE-2026-20635)
CVE-2026-20635
4.3 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple macOS/iOS path handling flaw enabling arbitrary file write (pre-26.3)
CVE-2026-20660
5.5 - Medium
- February 11, 2026
A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A remote user may be able to write arbitrary files.
Directory traversal
Safari Web Extension Tracking Flaw Fixed in 26.3
CVE-2026-20676
4.3 - Medium
- February 11, 2026
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
Resource Exhaustion
Apple iOS Safari History Leak before 18.7.5 (CVE-2026-20656)
CVE-2026-20656
3.3 - Low
- February 11, 2026
A logic issue was addressed with improved validation. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3. An app may be able to access a user's Safari history.
AuthZ
Apple Safari WebKit memory bug causes crashes before iOS 26.3
CVE-2026-20636
6.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple WebKit Memory Handling Crash Fixed v26.2
CVE-2025-46298
6.5 - Medium
- January 09, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Memory init leak in Safari 26.2 on Apple iOS/watchOS/etc. (CVE-2025-46299)
CVE-2025-46299
4.3 - Medium
- January 09, 2026
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Authorization
Apple Safari 26.2 Crashes on Malicious Web Content (CVE-2025-43535)
CVE-2025-43535
4.3 - Medium
- December 17, 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple iOS/macOS Use-After-Free in Safari (fixed 26.2) CAU leading to code exec
CVE-2025-43529
8.8 - High
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Dangling pointer
Safari <26.2: Web APIs via file: URL in Lockdown Mode
CVE-2025-43526
9.8 - Critical
- December 17, 2025
This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.
Open Redirect
Apple Safari race condition leads to crash from malicious content
CVE-2025-43531
3.1 - Low
- December 17, 2025
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Race Condition
Use-After-Free in Apple Safari 26.2 causing crashes
CVE-2025-43536
4.3 - Medium
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
Apple Safari Type Confusion Crash (pre-26.2)
CVE-2025-43541
4.3 - Medium
- December 17, 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Object Type Confusion
Apple Safari Buffer Overflow Fixed in 26.2
CVE-2025-43501
4.3 - Medium
- December 17, 2025
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Classic Buffer Overflow
macOS & Safari 26.2 Sensitive Data Leak via Missing Permission Checks
CVE-2025-46282
5.5 - Medium
- December 17, 2025
The issue was addressed with additional permissions checks. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. An app may be able to access sensitive user data.
Authorization
Use-After-Free Crash via Web Content in iOS+iPadOS (fixed in 18.7.2)
CVE-2025-43511
6.5 - Medium
- December 12, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
Out-of-Bounds in ANGLE, Google Chrome <143.0.7499.110, Mac
CVE-2025-14174
8.8 - High
- December 12, 2025
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Buffer Overflow