Web browsers are the gateway to the internet, a ubiquitous fixture of every enterprise device—making them a critical point of exposure. When managing your fleet you may ask: Are we aware of the vulnerabilities affecting our users’ browsers? While vulnerability databases are a great place to start, the widespread use of common codebases makes it harder to trace and recognize vulnerabilities that affect multiple products.
CVE-2025-24201, a high-severity WebKit vulnerability affecting multiple AppleOS platforms, exemplifies this challenge. On 03/11/2025, Apple released iOS, macOS, and Safari patches. A few days later, Techscribe Central published a deep dive on how this vulnerability compromises several platforms and can provide a false sense of security.
In this article, we will show how this vulnerability extends far beyond the Apple ecosystem, and how Kandji ensures customers are alerted to all vulnerable software with curated research.
CVE-2025-24201
This vulnerability has a high CVSS score of 8.8. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2. Malicious groups often target WebKit for its widespread use across Apple’s ecosystem and third-party applications. CVE-2025-24201 is an out-of-bounds write vulnerability: data is written outside the bounds of allocated memory, causing memory corruption and potentially leading to remote code execution (RCE).
A threat actor could use this vulnerability to run arbitrary code and gain system control. It’s critical for users and organizations to apply security patches and mitigate their risk of exploitation.
Implications Beyond WebKit
Around the same time as Apple’s patch release, Google Chrome released a stable update of Chromium 134.0.6998.89 for macOS which had security fixes for CVE-2025-24201 and other vulnerabilities.
Apple Security Engineering and Architecture (SEAR) has historically shared CVEs with Google for Chromium updates before they are made publicly available. Back in 2013, Blink, part of Chromium’s engine, was forked from WebKit, and as a result, may still share some underlying attributes with WebKit. Blink and V8, Chromium’s JavaScript engine, form the core of the Chromium browser engine, handling rendering and script execution, respectively.
While CVE-2025-24201 primarily affects WebKit, shared components and dependencies between Chromium and WebKit could potentially expose third-party Chromium-based browsers to this vulnerability. However, due to Chromium’s security policy, connections between WebKit and Chromium’s fixes won’t be verifiable until 14 weeks after the initial release.
Considering vendor acknowledgments, CVE tracking, and Techscribe Central’s analysis of the potential impact, we can deduce the best course of action: ensure Chromium-based browsers (e.g., Microsoft Edge) are up to date.
Threat Intelligence Team Research
Research has shown that several Chromium-based browsers have updated to Chromium build 134.0.6998.89 for macOS following the disclosure of CVE-2025-24201.
- Microsoft Edge released a security advisory on 03/12/2025 that specified the version users should upgrade to and acknowledged why this CVE affects Edge.
- Vivaldi alerted customers on 03/10/2025 to update to the new version with a “Backported Upstream 134+ security patch for ‘Out of bounds write in GPU (CVE-2025-24201)’”.
- Other browsers like Brave Browser and Arc Browser have also updated to the new Chromium build, but they did not explicitly reference the CVE.
Some browsers have not yet updated their Chromium version, which could leave users vulnerable to CVE-2025-24201.
We continue to explore potential connections between Blink and WebKit to enhance our Vulnerability Management product and better protect our customers.
Kandji Vulnerability Management Impact
Kandji Threat Intelligence has ensured our Vulnerability Management (VM) customers are on the most up-to-date, stable releases and can avoid this severe vulnerability.
According to NetMarketShare, approximately 75% of the global market uses Chromium-based browsers.

A visualization of Chromium-based browser detections across our VM customer devices.
Since including this additional coverage, we have seen roughly 18% more unique device detections.
Conclusion
CVE-2025-24201 underscores how a single WebKit flaw can ripple across ecosystems far beyond Apple. With Kandji's proactive research and vulnerability coverage, organizations can stay ahead of emerging threats across all affected platforms.
It’s recommended that admins and analysts monitor the usage of any third-party Chromium-based browsers, including the Chromium version each one is built on.
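One way to run that check over a browser inventory, as an added example that is not Kandji's code: it compares each device's reported Chromium version with the fixed macOS build 134.0.6998.89 named above, and counts a vendor backport (as Vivaldi described) as patched. The inventory columns, device names, sample versions, and the `BACKPORTED` table are constructed assumptions.

```python
import csv
import io

# Fixed Chromium build for macOS named in the article.
FIXED_CHROMIUM = (134, 0, 6998, 89)

# Constructed sample inventory (hypothetical devices, browsers and versions).
SAMPLE_INVENTORY = """device,browser,browser_version,chromium_version
mac-001,Google Chrome,134.0.6998.89,134.0.6998.89
mac-002,Google Chrome,133.0.0.1,133.0.0.1
mac-003,Example Browser,7.1.0.0,132.0.0.1
mac-004,Example Browser,7.2.0.0,132.0.0.1
mac-005,Other Browser,1.0.0,
mac-006,Google Chrome,135.0.0.1,135.0.0.1
"""

# Hypothetical vendor-confirmed backports: browser -> first product version
# that carries the fix on an older Chromium base. Values are constructed.
BACKPORTED = {"Example Browser": (7, 2, 0, 0)}


def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = (text or "").strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(row, fixed=FIXED_CHROMIUM, backported=BACKPORTED):
    """Classify one inventory row as patched, outdated, or unknown."""
    chromium = parse_version(row.get("chromium_version"))
    if chromium is None:
        return "unknown"  # no usable Chromium version: needs manual review
    if chromium >= fixed:
        return "patched"
    product = parse_version(row.get("browser_version"))
    minimum = backported.get(row.get("browser"))
    if product is not None and minimum is not None and product >= minimum:
        return "patched"  # vendor backported the fix onto an older base
    return "outdated"


def audit(inventory_csv):
    """Map each device to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device"]: classify(row) for row in reader}
```

Rows classified as `unknown` matter as much as `outdated` ones: a browser that reports no Chromium version cannot be assumed to carry the fix.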