Chrome Under Siege: Eighth Actively Exploited Zero-Day Patched in 2025
December 11th, 2025
❓What:
Google has released emergency security updates for Chrome after discovering and patching an eighth zero-day vulnerability that is actively being exploited in the wild in 2025.
This vulnerability (tracked internally as issue 466192044) was addressed in Chrome versions 143.0.7499.109/110 for Windows, macOS, and Linux. Google did *not immediately disclose full technical details or a CVE identifier to help prevent further abuse while the update rolls out.
The flaw was found in the LibANGLE graphics layer translation library, specifically a buffer overflow in the ANGLE Metal renderer caused by improper buffer sizing, which can lead to memory corruption and arbitrary code execution.
⚠️Impact:
This marks the eighth zero-day vulnerability patched in Chrome during 2025, underscoring a persistent and active threat landscape for the browser.
A successful exploit could allow attackers to crash the browser, leak sensitive information, or execute arbitrary code on a user’s system just by visiting a malicious or compromised webpage.
The fact that this bug was exploited before full disclosure means real threats are circulating, and systems running unpatched versions of Chrome remain at risk.
💡Recommendations:
Immediately update Chrome to the latest stable version (143.0.7499.109/110 or later) across all platforms.
Check Help → About Google Chrome to trigger updates manually if automatic updates haven’t arrived yet.
For organizations, enforce browser update policies and ensure all endpoints apply the patch quickly. Extend mitigation to Chromium-based browsers (like Edge, Brave, Opera, Vivaldi) as they may share the impacted components.
Augment defenses with endpoint detection tools and monitor for abnormal browser behavior indicative of exploitation attempts.
Read the full article HERE