Google Releases Chrome Security Update After Active Exploitation Of ANGLE Buffer Flaw

Google released a new security update for its Chrome browser on Wednesday to resolve three security issues, including one flaw that the company confirmed has been actively exploited. The vulnerability is listed in the Chromium issue tracker under the identifier 466192044 and is classified as high severity. Google has not disclosed the CVE identifier, impacted component details or technical specifications of the flaw at this time. The decision follows the company’s standard practice of withholding sensitive information until the majority of users have had the opportunity to apply updates. This approach helps reduce the likelihood of additional attackers attempting to reverse engineer patches or develop their own exploit chains based on newly published fixes. Despite the limited disclosure, a GitHub commit associated with the Chromium bug indicates that the flaw exists within Google’s open source Almost Native Graphics Layer Engine, known as ANGLE. The commit message references a correction within the Metal renderer related to improper buffer sizing due to reliance on pixelsDepthPitch, an element connected with GL_UNPACK_IMAGE_HEIGHT that can underrepresent the actual image height.

Based on the technical detail revealed in the commit, the issue is likely a buffer overflow condition in ANGLE’s Metal backend. Such a flaw could lead to memory corruption, unexpected program behavior or the possibility of arbitrary code execution under specific conditions. Google stated that it is aware of active exploitation connected to 466192044 and added that further details remain under coordination. No information has been released regarding the identity of the actor exploiting the flaw, the scope of the attacks or specific targets. This selective withholding of details reflects a routine security stance intended to offer users time to update their software and stabilize their environments before broad technical evidence is made publicly available. As part of this security release, Google also addressed additional medium-severity issues, including CVE-2025-14372 affecting the Password Manager and CVE-2025-14373 related to an inappropriate implementation in the Toolbar component.

The company noted that this latest release raises the number of zero-day vulnerabilities fixed in Chrome this year to eight. These flaws, which have been either actively exploited or publicly demonstrated as proof-of-concept attacks, include CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, CVE-2025-10585 and CVE-2025-13223. Google’s security engineering team has continued to issue updates throughout the year as part of ongoing maintenance and monitoring efforts involving both Chrome and its underlying components. Researchers have emphasized that ANGLE, as part of the graphical rendering pipeline used widely within Chromium-based software, represents a critical surface area and must be closely monitored when new instability or improper memory handling is detected. With this update, Google is urging users to ensure that they are running Chrome versions 143.0.7499.109 or .110 on Windows and Apple macOS, and version 143.0.7499.109 on Linux.

Google also advised users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi to look out for vendor-specific releases that include corresponding fixes. These browsers rely on shared code from Chromium, making it essential for all vendors in the ecosystem to deploy patched versions once available. To verify that the latest update has been installed, users can access the More menu within Chrome, select Help, then choose About Google Chrome. This action triggers the browser to check for updates automatically and prompts a restart through the Relaunch option when necessary. Google reinforced the importance of applying these updates promptly, as doing so remains one of the most effective methods for reducing exposure to active exploitation attempts involving browser vulnerabilities.
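For administrators who need to check many machines rather than one About page, the version guidance above can be applied to collected `--version` output. The following is an added example, not code from Google or the original article; the host names and inventory lines are constructed, and the function names are hypothetical.

```python
import re

# Minimum fixed Google Chrome build per platform, as stated in the article.
FIXED_CHROME = {
    "windows": (143, 0, 7499, 109),
    "macos": (143, 0, 7499, 109),
    "linux": (143, 0, 7499, 109),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part Chromium-style version out of `--version` output."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(platform, version_output):
    """Classify one host as patched, vulnerable, vendor-check or unknown."""
    version = parse_version(version_output)
    if version is None or platform not in FIXED_CHROME:
        return "unknown"
    # The article gives build numbers for Google Chrome only; other
    # Chromium-based browsers use their own numbering, so defer to the vendor.
    if not version_output.strip().lower().startswith("google chrome"):
        return "vendor-check"
    # Tuples compare numerically, so build 41 sorts below 109; a plain
    # string comparison would get that wrong.
    return "patched" if version >= FIXED_CHROME[platform] else "vulnerable"


# Constructed sample inventory: (host, platform, captured --version output).
INVENTORY = [
    ("ws-001", "windows", "Google Chrome 143.0.7499.110"),
    ("ws-002", "windows", "Google Chrome 143.0.7499.41"),
    ("mac-003", "macos", "Google Chrome 142.0.7444.176"),
    ("lin-004", "linux", "Google Chrome 143.0.7499.109 "),
    ("ws-005", "windows", "Microsoft Edge 143.0.3650.66"),
    ("lin-006", "linux", "chrome: command not found"),
]


def report(inventory):
    """Map each host to its status so unpatched machines can be followed up."""
    return {host: assess(platform, out) for host, platform, out in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `vendor-check` run a Chromium-based browser whose fixed build is not given in the article and must be confirmed against that vendor's own release notes.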
