Google, Apple, and Microsoft have released emergency patches to fix a critical zero-day vulnerability (CVE-2025-24201), an out-of-bounds write flaw in the GPU that has been actively exploited. The vulnerability affects the Chromium engine used by Google Chrome and Microsoft Edge, as well as Apple’s WebKit engine across macOS, iOS, and other ecosystems. CISA has added the flaw to its Known Exploited Vulnerabilities Catalog, urging organizations to apply updates before April 3, 2025. Users should immediately update Chrome, Edge, and Apple devices to the latest versions to mitigate the risk.

‍