Google has released an urgent security update for the Chrome browser to address a high-severity zero-day vulnerability that is currently being exploited in the wild.
This emergency patch is part of the latest Stable channel update, bringing the version to 143.0.7499.109/.110 for Windows and Mac, and 143.0.7499.109 for Linux users.
The tech giant confirmed in its advisory that it “is aware that an exploit for 466192044 exists in the wild,” signaling that threat actors are actively leveraging this flaw to compromise unpatched systems.
The update will roll out over the coming days, but administrators and users are urged to update immediately to mitigate the risk of targeted attacks.
Chrome 0-Day Vulnerability
The critical vulnerability, tracked internally as Issue 466192044, has been rated High severity. Unlike typical disclosures, Google has kept specific technical details about the bug, such as the affected component or the attack vector, under strict restrictions. The advisory currently lists the issue status as “Under coordination.”
This restricted disclosure policy is standard practice for zero-day events. By withholding specific information until a majority of the user base has applied the fix, Google aims to prevent other malicious actors from reverse-engineering the patch and developing their own exploits.
The company stated that access to bug details would remain restricted if the bug exists in a third-party library that other projects depend on but have not yet fixed.
In addition to the zero-day patch, this update resolves two other security flaws, both rated as Medium severity. These issues were identified by external security researchers who worked with Google during the development cycle.
The first, assigned CVE-2025-14372, is a “Use-after-free” vulnerability located in the Chrome Password Manager. This type of flaw can often lead to memory corruption or arbitrary code execution.
The second issue, CVE-2025-14373, involves an “Inappropriate implementation” within the Chrome Toolbar. Both researchers received a $2,000 bounty for their reports.
Vulnerability Details Table

| Issue ID / CVE | Severity | Component | Description |
| --- | --- | --- | --- |
| 466192044 | High | Undisclosed | Zero-Day: Under coordination (Exploit detected in the wild) |
| CVE-2025-14372 | Medium | Password Manager | Use after free vulnerability |
| CVE-2025-14373 | Medium | Toolbar | Inappropriate implementation |
To apply the update manually, users should navigate to the Chrome menu, select Help, and click on About Google Chrome. The browser will check for available updates and require a relaunch to complete installation.
