Emergency Chrome Update: Google Patches New Zero-Day Under Active Attack

Google has pushed an urgent security update to the Stable Channel for Desktop, racing to patch a high-severity vulnerability that is currently being exploited in the wild. The release, which brings the browser to version 143.0.7499.109/.110, addresses three security issues, including the critical zero-day flaw.

The focal point of this update is a high-severity vulnerability tracked as issue 466192044. Unlike typical disclosures, Google has kept the specific details of this bug—including its CVE identifier—under wraps, listing it simply as “Under coordination.”

However, the company issued a stark warning in its advisory: “Google is aware that an exploit for 466192044 exists in the wild.”

This confirms that threat actors have already weaponized the flaw to target users. The “Under coordination” status suggests the vulnerability may involve a complex interaction with third-party components or requires further collaboration with other vendors before full technical details can be safely released.

Alongside the zero-day patch, Google resolved two medium-severity issues reported by external researchers, awarding a total of $4,000 in bug bounties:

CVE-2025-14372: A Use-after-free vulnerability in the Password Manager. This memory corruption bug was reported by Weipeng Jiang (@Krace) of VRI on November 14, 2025, earning a $2,000 reward.
CVE-2025-14373: An Inappropriate implementation in the Toolbar. Discovered by researcher Khalil Zhani on November 18, 2025, this flaw also carried a $2,000 bounty.

The update is rolling out now to Windows, Mac, and Linux users. Given the active exploitation of the high-severity flaw, administrators and users are strongly advised not to wait for the automatic rollout.

To verify your protection status, navigate to Settings > About Chrome to trigger the download immediately.

Rate this post

Related Posts:

Found this helpful?

Leave a Reply Cancel reply