Google Confirms In-the-Wild Attacks on Chrome Via a High-Impact, Undisclosed Flaw

Google has released new security updates for Chrome after confirming that a high-severity vulnerability, tracked as issue 466192044, is being actively exploited. The company has not yet shared technical details about the flaw to prevent further misuse, but urges all users to update Chrome immediately. The latest patches also include fixes for multiple zero-day vulnerabilities disclosed earlier this year, along with two medium-severity issues affecting the Password Manager and Toolbar components. Chrome users on Windows, macOS, and Linux, as well as users of other Chromium-based browsers like Edge, Brave, Opera, and Vivaldi, are advised to install the updates as soon as they become available.

Dec 11, 2025 - 13:48

Google is rolling out another round of security updates for Chrome that fix three vulnerabilities, one of which is already being exploited by attackers. The exploited high-severity flaw is tracked as bug number 466192044 in the Chromium bug tracker. Google has so far not provided a CVE number, the vulnerable component, or the technical details of the issue, as is the case with most disclosures.

The company states that the information is being withheld only until coordination is completed, which is the usual protocol when a fix is still being deployed. Holding back specifics limits the chance that other threat actors analyze the patch, reproduce the problem, and launch new attacks before most users' systems are updated.

Google has also not offered any details about the identity of the attackers, the victims, or the extent of the exploitation. Such disclosures are reserved until the threat has been reduced and protective measures for users are in place.

The current update adds to the growing number of Chrome zero-days found and fixed this year. In total, Chrome has been patched eight times for vulnerabilities that were either exploited or made publicly known as proof-of-concept attacks. The list of these vulnerabilities includes:

  • CVE-2025-2783

  • CVE-2025-4664

  • CVE-2025-5419

  • CVE-2025-6554

  • CVE-2025-6558

  • CVE-2025-10585

  • CVE-2025-13223

In addition to the severe exploit found in the wild, Google has also fixed two medium-severity vulnerabilities:

  • CVE-2025-14372: A use-after-free error in the Password Manager component

  • CVE-2025-14373: An inappropriate implementation defect in the Toolbar component

Both could cause unintended behavior or system instability if exploited, but there is no evidence that they are being actively exploited at this time.

To remain secure, users are strongly advised to update Chrome to the latest version immediately. The fixed releases are:

  • Windows and macOS: 143.0.7499.109 or 143.0.7499.110

  • Linux: 143.0.7499.109

You can check for the newest update and install it by going to More > Help > About Google Chrome, which starts the update process automatically. The installation completes once the browser is restarted.

The flaw is in the shared Chromium codebase, so users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the appropriate updates as soon as they are released.
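For anyone checking a fleet against the fixed releases listed above, the following added example (not from Google or the original article) classifies reported Chrome versions against the 143.0.7499.109 floor using numeric comparison, since a plain string comparison would rank 143.0.7499.41 above 143.0.7499.109. The host names, sample versions and function names are constructed for illustration, and the threshold applies to Google Chrome only, because other Chromium-based browsers use their own version numbers.

```python
import re

# Fixed builds as stated in the article. On Windows and macOS either
# 143.0.7499.109 or 143.0.7499.110 is a fixed release, so .109 is the floor.
# These thresholds are for Google Chrome only, not other Chromium browsers.
FIXED = {
    "windows": (143, 0, 7499, 109),
    "macos": (143, 0, 7499, 109),
    "linux": (143, 0, 7499, 109),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from a bare version string or from
    `--version` style output such as 'Google Chrome 143.0.7499.110'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'needs-update', 'unparseable' or 'unknown-platform'."""
    floor = FIXED.get(platform.lower())
    if floor is None:
        return "unknown-platform"
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    # Tuples of ints compare field by field, so .41 < .109 as intended.
    return "patched" if version >= floor else "needs-update"


def audit(inventory):
    """Map each host to its status for rows of (host, platform, version_text)."""
    return {host: classify(plat, ver) for host, plat, ver in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 143.0.7499.110"),
    ("ws-02", "windows", "143.0.7499.41"),
    ("mac-01", "macos", "Google Chrome 142.0.7444.176"),
    ("lnx-01", "linux", "Google Chrome 143.0.7499.109 "),
    ("lnx-02", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```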

These quick fixes demonstrate Google's commitment to preventing attackers from gaining a foothold, particularly since Chrome remains one of the most popular and frequently attacked browsers. Installing updates regularly is still the most effective way to protect against new and unexpected threats.