Google patches actively exploited Chrome vulnerability
Take action: An urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and the flaw is nasty enough that even the basic description of it is withheld. DONT WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.
Learn More
Google has released an emergency security update for the Chrome browser to patch a high-severity zero-day vulnerability that is currently being exploited in active attacks.
The patched version of Chrome is 143.0.7499.109/.110 for Windows and macOS, and 143.0.7499.109 for Linux.
- The zero-day vulnerability, tracked internally as Issue 466192044 (CVE-2025-14174, CVSS score 8.8) - Out of bounds memory access in ANGLE. Google confirmed in its advisory that it is aware of an exploit for this vulnerability existing in the wild, attackers are actively using the flaw to compromise systems. Google has withheld all technical details about the vulnerability, including the affected component and attack vector. CISA has confirmed active exploitation
In addition to the actively exploited zero-day, this update patches two medium severity vulnerabilities
- CVE-2025-14372 - Use-after-free vulnerability in Password Manager
- CVE-2025-14373 - Inappropriate implementation in Toolbar
Users are strongly urged to update their Chrome browsers immediately. To manually apply the update, users should navigate to the Chrome menu, select "Help," and click on "About Google Chrome." The browser will automatically check for available updates and prompt for a relaunch to complete the installation. Chrome typically updates automatically, but manual verification ensures protection against the actively exploited zero-day vulnerability.
