Google has pushed out an emergency Chrome update to patch a high-severity zero-day vulnerability that is being actively exploited in the wild, marking the eighth such security fix this year.
Quick Summary – TLDR:
- Google patched a high-severity zero-day flaw in Chrome tracked under bug ID 466192044.
- The bug resides in the ANGLE graphics library and involves a buffer overflow risk.
- No CVE ID has been released yet, and details remain restricted as the fix rolls out.
- This is the eighth Chrome zero-day patched in 2025, highlighting ongoing browser security risks.
What Happened?
Google released a security update for Chrome on Windows, macOS, and Linux after discovering that a high-severity vulnerability was being actively exploited. The flaw, referenced internally as bug ID 466192044, does not yet have a CVE identifier and is still under investigation. While full technical details are being withheld, the bug has been linked to Chrome’s ANGLE graphics layer and appears to be a buffer overflow vulnerability.
‼️🚨 Google has released an urgent security update for Chrome to address a high-severity zero-day vulnerability currently being exploited in the wild.
“Google is aware that an exploit for 466192044 exists in the wild.” https://t.co/XF3Lb9SzYQ
— International Cyber Digest (@IntCyberDigest) December 11, 2025
Google’s Latest Zero-Day Patch Explained
In its advisory, Google confirmed the existence of active exploitation but chose not to reveal many specifics. The company stated, “Google is aware that an exploit for 466192044 exists in the wild,” noting that further details would remain private until more users receive the fix.
However, a GitHub commit revealed the vulnerability lies within the Metal renderer of ANGLE, a component that helps translate OpenGL ES graphics calls to modern APIs like Direct3D or Vulkan. Improper sizing of memory buffers, specifically involving pixelsDepthPitch, is at the core of the issue. This opens up the potential for memory corruption, crashes, data leaks, and arbitrary code execution.
Rollout and Other Fixes
The fix has been pushed in Chrome version 143.0.7499.109 for Windows and Linux, and 143.0.7499.110 for macOS. While it may take time for all users to receive the update automatically, manual updating is already available. Users are encouraged to go to More > Help > About Google Chrome and select Relaunch to apply the patch.
In addition to the zero-day, two medium-severity vulnerabilities were also fixed:
- CVE-2025-14372: A use-after-free issue in Chrome’s password manager.
- CVE-2025-14373: An inappropriate implementation in the toolbar.
Both were reported by external researchers and earned $2,000 each in bug bounty rewards.
A Pattern of Targeted Exploits
Google has now patched eight zero-day vulnerabilities in Chrome since January 2025. Previous high-profile fixes addressed issues in the V8 JavaScript engine, sandbox escapes, and account hijacking threats. Several of these vulnerabilities were linked to state-backed cyber espionage campaigns, often involving commercial spyware.
Here is a quick look at the other zero-days fixed this year:
- CVE-2025-13223
- CVE-2025-10585
- CVE-2025-6558
- CVE-2025-4664
- CVE-2025-5419
- CVE-2025-2783
- CVE-2025-6554
As with past incidents, Google is holding off on full disclosure to prevent reverse engineering of the patch that could allow more attackers to exploit the issue.
SQ Magazine Takeaway
Honestly, it’s starting to feel like zero-days in Chrome are becoming monthly events. As a regular user, this is a strong reminder that keeping your browser updated is not just good practice, it’s essential security hygiene. I always recommend enabling auto-updates and checking your browser version from time to time. If Chrome is your daily driver, this patch is one you definitely don’t want to skip. It only takes a minute to relaunch and stay safe.
