Google Patches Chrome Zero-Day Under Active Attack — Update Now

Stephanie Adlam

Google dropped an urgent Chrome update on Wednesday to fix a high-severity vulnerability that’s already being exploited in the wild. If you haven’t updated your browser yet, now would be an excellent time.

The flaw is tracked under Chromium issue ID 466192044—and that’s about all Google is sharing publicly. No CVE, no component name, no details on who’s targeted or by whom. Classic security playbook: give users time to patch before handing attackers a roadmap.

What We Know About the Vulnerability

While Google kept the details under wraps, a GitHub commit reveals that the issue lives in ANGLE—Google’s open-source Almost Native Graphics Layer Engine, which handles graphics rendering in Chrome.

The commit message hints at a buffer overflow vulnerability in ANGLE’s Metal renderer, triggered by improper buffer sizing. In practical terms, this could lead to memory corruption, browser crashes, or—worst case—arbitrary code execution. The kind of bug that lets attackers do more than crash your browser tab.

This marks the eighth zero-day vulnerability in Chrome that’s been either actively exploited or publicly demonstrated since the start of 2025. The others include CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, CVE-2025-10585, and CVE-2025-13223.

Additional Fixes in This Update

Google also addressed two other medium-severity bugs:

  • CVE-2025-14372 — Use-after-free vulnerability in Password Manager
  • CVE-2025-14373 — Inappropriate implementation in Toolbar

Use-after-free vulnerabilities are a favorite among attackers because they allow manipulation of memory that’s already been released—potentially leading to code execution or data theft.

Google’s decision to withhold technical specifics isn’t unusual. When an exploit is already circulating in the wild, disclosing the exact mechanism would only help other attackers reverse-engineer the patch and develop their own attacks. It’s a calculated trade-off between transparency and protecting the billions of Chrome users worldwide.

That said, the lack of attribution means we don’t know if this is state-sponsored activity, a targeted campaign against specific organizations, or something broader. Given Chrome’s market dominance, even a narrow exploit can have significant reach.

How to Protect Yourself

Update Chrome immediately to version 143.0.7499.109/.110 for Windows and macOS, or 143.0.7499.109 for Linux. Here’s how:

  1. Open Chrome and click the three-dot menu (⋮) in the top right
  2. Go to Help → About Google Chrome
  3. Chrome will automatically check for updates and download the latest version
  4. Click Relaunch to complete the update

If you’re using other Chromium-based browsers like Microsoft Edge, Brave, Opera, or Vivaldi, keep an eye out for their respective patches—they all share the same underlying Chromium code.
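For anyone checking more than one machine, the version check above can be scripted. The following is an added example, not code from Google or from this article's author: it compares reported Chrome version strings against the fixed builds named above, and the host names and inventory rows are constructed sample data. Other Chromium-based browsers are reported as "unknown" because the article gives no fixed versions for them.

```python
import re

# Fixed builds named in the article (the lower bound per platform).
PATCHED = {
    "windows": (143, 0, 7499, 109),
    "macos": (143, 0, 7499, 109),
    "linux": (143, 0, 7499, 109),
}

# Chrome versions are four dot-separated integers, e.g. "Google Chrome 143.0.7499.109".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract the four-part version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(product, platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    if product.lower() != "google chrome":
        # Edge, Brave, Opera, Vivaldi use their own build numbers.
        return "unknown"
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "...7499.99" above "...7499.109".
    return "patched" if version >= minimum else "vulnerable"


# Constructed sample inventory: (host, product, platform, reported version string).
INVENTORY = [
    ("host-a", "Google Chrome", "linux", "Google Chrome 143.0.7499.109"),
    ("host-b", "Google Chrome", "windows", "143.0.7499.99"),
    ("host-c", "Google Chrome", "macos", "Google Chrome 143.0.7499.110"),
    ("host-d", "Google Chrome", "linux", "Google Chrome 142.0.7444.176"),
    ("host-e", "Microsoft Edge", "windows", "143.0.3650.66"),
    ("host-f", "Google Chrome", "windows", "not installed"),
]


def audit(inventory):
    """Map each host to its assessment."""
    return {host: assess(prod, plat, ver) for host, prod, plat, ver in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```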

The Bigger Picture

Browser security has become increasingly critical as we spend more time online and browsers handle everything from banking to healthcare to corporate applications. An exploited browser vulnerability, especially one in a graphics rendering engine, can be weaponized through malicious websites—no download required.

This is why patching matters. Unlike phishing attacks that rely on tricking users, zero-day exploits can compromise systems silently. You don’t need to click a suspicious link or download a sketchy file—just visiting a compromised webpage could be enough.

The fact that 2025 has already seen eight Chrome zero-days speaks to both the browser’s popularity (it’s an attractive target) and the intensity of modern threat research. Whether these exploits are discovered by researchers or threat actors first is often a race against time.

Update your browser. It takes 30 seconds and might save you a whole lot of trouble.

Stephanie is our wordsmith, transforming technical research into engaging content that resonates with users. Her expertise in cybercrime prevention and online safety ensures that Gridinsoft's advice is accessible to everyone—whether they’re tech-savvy or not.