Google Chrome Zero-Day Actively Exploited via ANGLE Graphics Component

Google has released a new Chrome security update that addresses multiple vulnerabilities, including a high-severity flaw (466192044) that is already being exploited in real-world attacks. While Google has limited the technical details shared publicly, the update signals an urgent need for users and organizations to take action.

This blog breaks down what’s known about the latest Chrome zero-day so far, why it matters, and what steps should be taken to reduce risk.

What Triggered Google’s Latest Chrome Security Update?

Google pushed a Stable Channel update for Chrome on December 10, 2025, rolling out new versions for Windows, macOS, and Linux. The release includes fixes for three security vulnerabilities, one of which has been confirmed as actively exploited in the wild.

As is common with zero-day situations, Google has restricted access to detailed bug information. This approach helps prevent additional attackers from weaponizing the flaw before most users have applied the patch.

What Is the Actively Exploited Chrome Zero-Day Vulnerability (Issue 466192044)?

The most serious issue addressed in this update is tracked as issue 466192044 and is rated high severity. Google has not yet assigned a public CVE identifier or shared full technical details.

Google has stated that the vulnerability details are “under coordination”. At the same time, the company confirmed that an exploit is already being used in real-world attacks against Chrome users.

With this update, Google has addressed eight Chrome zero-day vulnerabilities in 2025 that were either actively exploited or demonstrated through proof-of-concept attacks. This number highlights the continued focus of threat actors on browsers as a high-value target for initial access.

Which Component Is Affected by the Zero-Day Flaw?

Public clues from a related Chromium code (466192044) commit point to Google’s Almost Native Graphics Layer Engine (ANGLE), an open-source library used to translate graphics APIs across platforms.

The issue appears to affect ANGLE’s Metal renderer, where improper buffer sizing could occur due to incorrect handling of image depth values. This type of flaw commonly results in buffer overflows, opening the door to memory corruption or potential arbitrary code execution.

Commit message on Chromium review for the bug 466192044

Why Is Google Keeping the Details Restricted?

Google’s decision to withhold technical specifics is intentional. In cases where a vulnerability is actively exploited, releasing too much information too soon can:

• Increase the scale and speed of exploitation
• Put unpatched users at greater risk
• Enable additional attackers to bypass the patch

This controlled disclosure strategy is standard practice for high-risk browser zero-days and is meant to buy defenders time to deploy updates.

What Other Vulnerabilities Were Fixed in This Chrome Release?

In addition to the high-severity zero-day, Google fixed two medium-severity vulnerabilities reported by external researchers.

• CVE-2025-14372: This vulnerability affects Chrome’s Password Manager and involves a use-after-free condition. If exploited, it could allow attackers to manipulate freed memory, potentially leading to crashes or unexpected behavior.
• CVE-2025-14373: The second medium-severity issue relates to an inappropriate implementation in the Chrome Toolbar. While less severe than memory corruption flaws, such logic issues can still be abused in certain attack chains.

Are Other Chromium-Based Browsers Also at Risk?

Because the flaw exists within the shared Chromium codebase, other browsers that rely on it (such as Brave, Microsoft Edge, Opera) could also inherit the risk until their respective vendors ship patches. Users and security teams should closely track browser-specific advisories and prioritize updates once fixes are released.

Which Chrome Versions Contain the Security Fixes?

Update Chrome immediately on all endpoints, including personal and corporate devices, to ensure the zero-day fix is applied. Users should ensure they are running the following versions or later:

• Windows / macOS: 143.0.7499.109 or 143.0.7499.110
• Linux: 143.0.7499.109

The update is rolling out gradually, but users can manually trigger it by navigating to More → Help → About Google Chrome and selecting Relaunch.

What Are Other Recommended Mitigation Steps for Users and Organizations?

For security teams, browser zero-days like this one highlight the challenge of limited visibility during early exploitation phases. When technical details are restricted, understanding where exploitation is occurring and which assets may be exposed becomes critical.

• Enforce browser version compliance through endpoint and device management tools to prevent the use of outdated builds.
• Monitor for suspicious browser behavior, such as repeated crashes, rendering anomalies, or unexpected graphics-related issues that could indicate exploitation attempts.
• Limit attack surface by disabling unnecessary browser features, experimental flags, and unused extensions.
• Track zero-day activity and exposure proactively using vulnerability intelligence and threat monitoring platforms like SOCRadar XTI.

SOCRadar’s Vulnerability Intelligence

Solutions such as SOCRadar’s Cyber Threat Intelligence (CTI) module help teams monitor emerging vulnerability activity by correlating exploit chatter, threat actor behavior, and real-world attack signals as they develop. Combined with Attack Surface Management (ASM), organizations can quickly identify internet-facing assets, applications, and endpoints that may be impacted by vulnerable browser components, enabling faster prioritization and response.