Google released Chrome security updates to fix three flaws, one of which is being actively exploited. The actively exploited vulnerability, tracked as issue ID 466192044, is a high-severity bug whose details Google is withholding for now.
Google shipped security updates for its Chrome browser to address three security vulnerabilities, one of which the company confirmed is under active exploitation. This actively exploited flaw is a high-severity bug tracked by the Chromium issue ID “466192044.” In an effort to maximize user protection before an exploit can be widely reverse-engineered, Google has chosen to withhold specific information about the flaw, such as its CVE identifier, the affected component, and the exact nature of the vulnerability.
However, a public commit on the GitHub repository for the Chromium project points to the issue being located within Google’s Almost Native Graphics Layer Engine (ANGLE) library. The accompanying commit message specifically notes: “Metal: Don’t use pixelsDepthPitch to size buffers. pixelsDepthPitch is based on GL_UNPACK_IMAGE_HEIGHT, which can be smaller than the image height.”
This technical detail strongly suggests that the issue is a buffer overflow vulnerability within ANGLE’s Metal renderer. The flaw is likely triggered by the incorrect sizing of buffers, which in turn can lead to severe consequences like memory corruption, application crashes, or the potential for an attacker to execute arbitrary code on the affected system.
Confirming the gravity of the situation, Google explicitly stated: “Google is aware that an exploit for 466192044 exists in the wild,” further mentioning that additional details will be provided once “under coordination.” Consistent with its policy for actively exploited zero-days, the tech giant has not released any specifics regarding the identity of the attackers, any targeted individuals or groups, or the overall scope of these malicious efforts. This temporary secrecy is a standard security practice to ensure that the majority of users apply the available patch before other threat actors can analyze the update and develop their own exploits.
With this latest release, Google has now addressed a total of eight zero-day flaws in Chrome that have been either actively exploited or publicly demonstrated as a proof-of-concept since the beginning of the current year. Other such vulnerabilities previously addressed include CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, CVE-2025-10585, and CVE-2025-13223. The update also included fixes for two medium-severity vulnerabilities: CVE-2025-14372, a use-after-free bug in the Password Manager, and CVE-2025-14373, an inappropriate implementation flaw in the Toolbar.
To protect against these threats, all users are strongly advised to update their Chrome browser immediately to version 143.0.7499.109 or 143.0.7499.110 for Windows and Apple macOS, and version 143.0.7499.109 for Linux. The update can be initiated by navigating to the browser’s More menu, selecting Help, then About Google Chrome, and following the prompt to Relaunch the browser. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also ensure they apply the relevant fixes as soon as their respective developers make them available.
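For teams checking many machines rather than one browser, the version floor above can be applied to collected inventory. This is an added example, not code from Google or the Chromium project; the hostnames, platform labels and sample version strings are constructed, and only the fixed build numbers come from the article.

```python
import re

# Fixed builds as stated in the article. Windows and macOS may also report
# .110, which satisfies the same .109 floor.
FIXED = {
    "windows": (143, 0, 7499, 109),
    "macos": (143, 0, 7499, 109),
    "linux": (143, 0, 7499, 109),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        # Platform not covered by the article, or no version could be read.
        return "unknown"
    # Tuples compare numerically per component, so build 40 sorts below 109
    # (a plain string comparison would get this wrong).
    return "patched" if version >= floor else "vulnerable"


def audit(records):
    """Map hostname -> status for (hostname, platform, version_text) records."""
    return {host: classify(platform, text) for host, platform, text in records}


# Constructed sample inventory for illustration only.
SAMPLE = [
    ("ws-001", "windows", "Google Chrome 143.0.7499.110"),
    ("mb-014", "macos", "Google Chrome 143.0.7499.40"),
    ("lx-203", "linux", "Google Chrome 143.0.7499.109"),
    ("ws-077", "windows", "Google Chrome 142.0.7444.176"),
    ("lx-310", "linux", "version lookup failed"),
    ("cb-009", "chromeos", "Google Chrome 143.0.7499.109"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need manual follow-up, and the floor applies only to Google Chrome; other Chromium-based browsers use their own version numbers and vendor advisories.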
Source: Active Exploit Targets Chrome Linked To A High Severity Yet Unrevealed Flaw




