PATCH NOW: Google Issues Emergency Chrome Update for Actively Exploited Zero-Day
Google has released an unscheduled Chrome update to patch a zero-day vulnerability already being exploited in active attacks. The fix is included in stable build 143.0.7499.110 for Windows and macOS, and 143.0.7499.109 for Linux.
The company has confirmed that the flaw (internally tracked under identifier 466192044) has been observed in real-world exploitation, prompting an accelerated rollout. Even so, users and administrators are strongly urged to install the update manually rather than wait for automatic distribution.
The vulnerability has been rated as high severity. Google has withheld details regarding the affected component and exploitation method; this information will remain restricted until coordination with partners is complete. Such confidentiality is standard practice, intended to prevent additional threat actors from reproducing the bug and crafting their own attacks. Access to the technical description may remain limited longer than usual if the issue involves an external library used by other projects that has not yet been patched.
In addition to resolving the zero-day, the update addresses two medium-severity issues reported by external researchers. The first, CVE-2025-14372, is a use-after-free flaw in Chrome’s password manager, a defect capable of causing memory corruption or arbitrary code execution. The second, CVE-2025-14373, stems from an implementation error in the browser’s toolbar. Each researcher received a $2,000 bounty for their discovery.
To install the update manually, open Chrome’s menu, select “Help,” then “About Google Chrome.” After checking for available versions, the browser will automatically download the update and prompt you to restart to complete installation.
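For administrators who need to confirm the update across many machines, the following added example (not part of the original article and not Google tooling) classifies inventory rows against the fixed builds named above. The inventory format, hostnames and sample versions are constructed, and treating any build at or above the fixed one as patched is an assumption.

```python
import re

# Fixed stable builds named in the article, keyed by platform.
FIXED_BUILDS = {
    "windows": "143.0.7499.110",
    "macos": "143.0.7499.110",
    "linux": "143.0.7499.109",
}
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    installed = parse_version(reported)
    if fixed is None or installed is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "143.0.7499.99" above "143.0.7499.110".
    # Assumption: any build at or above the fixed build carries the fix.
    return "patched" if installed >= parse_version(fixed) else "vulnerable"

# Constructed sample inventory: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "143.0.7499.110"),
    ("ws-02", "Windows", "143.0.7499.109"),   # below the Windows fixed build
    ("mac-01", "macOS", "Google Chrome 143.0.7499.41"),
    ("lnx-01", "Linux", "Google Chrome 143.0.7499.109"),
    ("lnx-02", "Linux", "143.0.7499.99"),
    ("lnx-03", "Linux", "144.0.7500.2"),
    ("kiosk-7", "ChromeOS", "143.0.7499.110"),  # platform not covered by the article
    ("ws-03", "Windows", "not installed"),
]

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(platform, version) for host, platform, version in inventory}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as "unknown" need manual review rather than being counted as patched.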