Summary: Google, Apple, and Microsoft have released emergency patches to address an actively exploited zero-day vulnerability (CVE-2025-24201) affecting the GPU on Mac and the Chromium engine used in popular web browsers. The vulnerability allows attackers to bypass security measures and has already been exploited in the wild. CISA has included this flaw in its Known Exploited Vulnerabilities Catalog, urging organizations to apply updates by April 3, 2025, to mitigate risks.
Affected: Google Chrome, Microsoft Edge, Apple Safari, macOS, iOS, iPadOS
Keypoints :
- Vulnerability CVE-2025-24201 was reported on March 5, 2025 and confirmed as actively exploited.
- Google released patches for Chrome, while Microsoft patched Edge; Apple addressed the issue across its software ecosystem.
- CISA advises immediate updates and monitoring for unusual activity to prevent exploitation.