Google has issued an urgent security update for Google Chrome to address a high-severity zero-day vulnerability (tracked as Chromium issue 466192044) that is actively being exploited in the wild. This marks the eighth such Chrome zero-day patched in 2025, highlighting ongoing threats to the browser’s massive user base of over 3 billion devices.
The flaw involves a buffer overflow in the ANGLE graphics library’s Metal renderer, stemming from improper buffer sizing based on the pixelsDepthPitch parameter, which could allow remote attackers to execute arbitrary code via malicious web content.
Key Details
• Affected Versions: All Chrome versions prior to the patch (Stable channel versions before 143.0.7499.109/.110 for Windows and macOS, or 143.0.7499.109 for Linux).
• Patch Versions: Update to Chrome 143.0.7499.109/.110 (Windows/macOS) or 143.0.7499.109 (Linux). The update is rolling out automatically but may take days to weeks for full deployment.
• Additional Fixes in This Update:
  • Medium-severity use-after-free in Password Manager (CVE-2025-14372).
  • Medium-severity inappropriate implementation in Toolbar (CVE-2025-14373).
• Exploitation Status: Google confirmed an exploit exists and is in use, but specifics like the attack vector or impacted components beyond ANGLE remain undisclosed to limit further abuse. No CVE has been assigned to the zero-day yet, as it’s under coordination.
This vulnerability poses a significant risk, particularly for users visiting compromised websites, potentially leading to malware installation, data theft, or full system compromise without user interaction.
What You Should Do Immediately
1. Update Chrome Now: Open Chrome, go to More (three dots) > Help > About Google Chrome. It will check for and install updates automatically. Relaunch the browser after updating.
2. Enable Auto-Updates: Ensure Chrome is set to update automatically (default setting).
3. If Using Other Chromium-Based Browsers: Check for updates from vendors like Microsoft Edge, Brave, or Vivaldi, as they may release patches soon.
4. General Precautions: Avoid suspicious links, use antivirus software, and consider sandboxed browsing until updated.
Google credits security researchers for the other fixes but hasn’t disclosed details on who reported the zero-day. For the full advisory, visit the Chrome Releases blog. Stay vigilant—zero-days like this underscore why timely updates are critical for browser security. If you’re on an enterprise setup, coordinate with your IT team for deployment.
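For the enterprise case, a fleet inventory can be checked against the fixed builds listed in this article. The script below is an added example, not Google's tooling; the record format, hostnames and sample version strings are constructed assumptions, and versions are compared numerically because a plain string comparison would rank .41 above .109.

```python
import re

# Lowest patched Stable build per platform, as stated in this article.
FIXED = {
    "windows": (143, 0, 7499, 109),
    "macos": (143, 0, 7499, 109),
    "linux": (143, 0, 7499, 109),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from an inventory version string."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unsupported platform or unparseable string: review manually
    # Tuple comparison is numeric per component (41 < 109).
    return "patched" if version >= fixed else "vulnerable"


def audit(records):
    """Map hostname -> status for (host, platform, version_text) records."""
    return {host: classify(platform, text) for host, platform, text in records}


# Constructed sample inventory; hostnames and versions are invented for illustration.
SAMPLE = [
    ("ws-001", "windows", "Google Chrome 143.0.7499.110"),
    ("ws-002", "windows", "Google Chrome 143.0.7499.41"),
    ("mac-007", "macos", "Google Chrome 142.0.0.0"),
    ("lnx-014", "linux", "Google Chrome 143.0.7499.109"),
    ("lnx-015", "linux", "version string missing"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until their version is confirmed.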