Browser Security Alert: Apple & Chrome 0-Days Under Active Exploit
Apple Patches Two Critical WebKit Zero-Days (CVE-2025-3737, CVE-2025-3738) Under Active Exploitation
- Apple released emergency security updates addressing two actively exploited zero-day vulnerabilities, CVE-2025-3737 (a use-after-free) and CVE-2025-3738 (a memory corruption issue), found in its WebKit browser engine.
- These critical flaws were exploited in highly sophisticated attacks targeting high-risk individuals, affecting iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2.
- Users are urged to update their Apple devices immediately to the patched versions to mitigate risks from these targeted attacks.
Source: The Hacker News | Date: December 12, 2025
CISA Warns of Actively Exploited Google Chromium Zero-Day Vulnerability (CVE-2025-4197)
- CISA added a critical Google Chromium zero-day vulnerability, CVE-2025-4197, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
- The flaw is an out-of-bounds write bug in the ANGLE component, which is used for WebGL and other graphics-related tasks; it could potentially lead to remote code execution.
- Google has deployed emergency fixes for Chrome versions 120.0.6099.199/200, and federal agencies are mandated to apply patches by January 3, 2026.
Source: Cybersecurity News | Date: December 12, 2025
References
- Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild - The Hacker News
- Apple patches vulnerability used in 'highly sophisticated' attack against iPhone users - Security.nl
- Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users - Cybersecurity News
- Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets - SecurityOnline.info
- CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks - Cybersecurity News
- CISA adds Chrome and Sierra Bugs to KEV Catalog - The Cyber Throne
- U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog - Security Affairs
- Emergency fixes deployed by Google and Apple after targeted attacks - Security Affairs