
Google Issues Alert on Actively Exploited Chrome 0-Day Flaw

Google has released an urgent security update for Chrome on Windows, macOS, and Linux to address a high-severity zero-day vulnerability that is currently being exploited in the wild.

The search giant announced the release of Chrome versions 143.0.7499.109/.110 for Windows and macOS, and 143.0.7499.109 for Linux, which will roll out to users over the coming days and weeks.

This update aims to patch security holes that could allow attackers to compromise systems; one flaw has already been observed in active attacks.

Zero-Day Under Active Exploitation

The most critical aspect of this release is the patch for a high-severity vulnerability tracked as Issue 466192044.

Google has explicitly stated that it is aware of an exploit for this issue in the wild, meaning threat actors are already leveraging it to target users.

While technical details regarding the vulnerability remain restricted to prevent widespread abuse, the company has classified it as “High” severity and noted that it is currently “Under coordination.”

Restricting bug details is a standard practice for Google until a majority of the user base has updated their browsers.

This delay protects users from hackers who might reverse-engineer the patch to create exploits for unpatched versions.

The vulnerability was likely reported by an external researcher or discovered internally, though no specific credit was assigned in the initial log, underscoring the sensitivity of the disclosure.

Alongside the zero-day patch, this update addresses two other significant security flaws contributed by external researchers.

Both vulnerabilities are classified as “Medium” severity and involve components central to the user experience.

The first, CVE-2025-14372, is a use-after-free vulnerability within the Password Manager. Use-after-free bugs can often be exploited to corrupt valid data, crash a program, or execute arbitrary code on the affected system.

This issue was reported by Weipeng Jiang (@Krace) of VRI on November 14, 2025, earning a $2,000 bounty.

The second fix, CVE-2025-14373, addresses an “Inappropriate implementation” in the Chrome Toolbar. Researcher Khalil Zhani reported this vulnerability on November 18, 2025, and it also resulted in a $2,000 reward.

While less critical than the zero-day, flaws in the toolbar implementation can sometimes lead to UI spoofing or unauthorized actions that trick users into compromising their security.

Users are strongly advised to update to the latest version immediately to mitigate the risks posed by the active zero-day exploit.

Google relies on automated systems and researcher contributions to identify these threats, using tools such as AddressSanitizer and MemorySanitizer during its development cycle.

| CVE ID | Severity | Description |
|---|---|---|
| Pending (Issue 466192044) | High | Undisclosed vulnerability currently under coordination; exploited in the wild. |
| CVE-2025-14372 | Medium | Use after free in Password Manager. |
| CVE-2025-14373 | Medium | Inappropriate implementation in Toolbar. |


The post Google Issues Alert on Actively Exploited Chrome 0-Day Flaw appeared first on Cyber Security News.
