Chrome Password Manager use-after-free security flaw (CVE-2025-14372)
Vulnerability
Summary
CVE-2025-14372 is a use-after-free in Chrome’s Password Manager that Google patched in the December 10 Chrome security update. The flaw affects a core password-handling component and was reported on November 14, 2025 by Weipeng Jiang (@Krace) of VRI. Google rates the issue medium severity, and the fix is part of a broader release that closed multiple Chrome zero-days.
Related Happenings
Chromium JavaScript background RCE flaw
Vulnerability
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/Service
First: 09.04.2026 21:33
Last: 09.04.2026 21:33
Sources 1
About this happening:
Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
QuickLens - Search Screen with Google Lens hit by network compromise
Incident
First: 28.02.2026 21:18
Last: 28.02.2026 21:18
Sources 1
About this happening:
The **QuickLens - Search Screen with Google Lens** Chrome extension was **compromised** and used to **push malware** to about **7,000 users**, creating risk of **credential theft*...
Chrome undisclosed high-severity 466192044 active exploitation security flaw
Vulnerability
First: 11.12.2025 09:09
Last: 11.12.2025 09:09
Sources 1
About this happening:
**Chrome** has an undisclosed **high-severity flaw** tracked as **Chromium issue tracker ID 466192044** that is **actively exploited in the wild**, putting browser users at immedi...
Chromium Blink document.title crash security flaw
Vulnerability
First: 30.10.2025 16:45
Last: 30.10.2025 16:45
Sources 1
About this happening:
**Brash** is a **Chromium Blink** vulnerability that can crash **Google Chrome** and other **Chromium-based browsers** in **15-60 seconds** by abusing unthrottled `document.title`...
Timeline
- 11.12.2025 12:15 · 2 articles · 5mo ago
Chrome security update patches CVE-2025-14372
Mitigation Patch Update
Google issued a Chrome security update on December 10, 2025 that patched CVE-2025-14372, which Google described as a use-after-free in Chrome’s Password Manager and rated at medium severity.
Sources:
- Google Releases Critical Chrome Security Update to Address Three Zero-Days — www.infosecurity-magazine.com — 11.12.2025 12:15
- 14.11.2025 02:00 · 1 article · 6mo ago
Chrome Password Manager flaw reported to Google
Initial Disclosure
Weipeng Jiang (@Krace) of the Vulnerability Research Institute (VRI) reported a use-after-free in Chrome’s Password Manager to Google on November 14, 2025, establishing CVE-2025-14372 as a disclosed browser security issue affecting password handling.
Sources:
- Google Releases Critical Chrome Security Update to Address Three Zero-Days — www.infosecurity-magazine.com — 11.12.2025 12:15