An emergent surge of urgent security advisories has permeated the tech sector in December, with both Google and Apple warning Android and iPhone users of critical vulnerabilities being actively exploited in the wild. Termed "Dangerous December," this time period marks a significant ramping up of the threat landscape for mobile users, as both companies have issued emergency patches to remediate vulnerabilities capable of enabling attacker control of devices through specially crafted web content or malicious image files.
Google kicked off the month by confirming that Android devices are currently at risk due to two critical vulnerabilities being actively exploited. The company issued a rapid emergency patch for all Chrome users, so fast it was delivered before it even received an official CVE designation. The vulnerability is currently known as CVE-2025-14174 and is considered actively exploited; Google urges users to update now to avoid being compromised.
Apple subsequently released emergency updates for iPhones, iPads, and other Apple devices to address two vulnerabilities, including CVE-2025-14174 and another identified as CVE-5-29. Both vulnerabilities are associated with the WebKit browser engine, which supports Safari and other browsers on iOS devices. Security specialists further note that browser engines have become one of the main targets for attackers, which correspondingly raises user exposure if updates are not applied in a timely manner.
The U.S. Cybersecurity and Infrastructure Security Agency has issued a directive of its own, requiring federal employees to update Chrome and all Chromium-based browsers by January 2, or stop using them. For Apple devices, the deadline is January 5. CISA cautions that these vulnerabilities might allow remote attackers to perform out-of-bounds memory access, which may allow the attacker to take control of an affected device.
While the attacks so far have been targeted, researchers warn that these exploits will soon become ubiquitous, which makes the need for immediate updates across all users paramount. In light of this, users of Android or iPhone devices, or any Chromium-based browser, should update their software right away to protect data and privacy. The threat is real, and any delay may expose people to sophisticated spyware and hacking attacks.