Google on Wednesday shipped security updates for its Chrome browser to address three vulnerabilities, including one the company said is being actively exploited in the wild.
The actively exploited flaw is tracked in the Chromium issue tracker as 466192044. Google has not published the CVE identifier, the affected component or full technical details while it coordinates further information.
A GitHub commit and the project repository for ANGLE indicate the bug resides in Google’s Almost Native Graphics Layer Engine and relates to improper sizing of buffers in the Metal renderer, which can result in memory corruption.
Google said it is aware an exploit for the issue exists in the wild, and provided no details on the identity of the threat actor, who may have been targeted or the scale of the attacks. The company said limited disclosure is intended to allow most users to install fixes before more information is released.
The update is part of fixes that address eight zero-day flaws disclosed or exploited since the start of the year, including CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, CVE-2025-10585 and CVE-2025-13223. Two additional medium-severity issues were fixed: CVE-2025-14372 (use-after-free in Password Manager) and CVE-2025-14373 (inappropriate implementation in Toolbar).
Users are advised to update Chrome to versions 143.0.7499.109/.110 for Windows and macOS and 143.0.7499.109 for Linux. To check for the update, open More > Help > About Google Chrome and select Relaunch. Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi should install vendor patches when they become available.