/pcq/media/agency_attachments/2025/02/06/2025-02-06t100846387z-pcquest-new-logo-png.png){kind=logo}
/pcq/media/member_avatars/2024-08-28t070132803z-img_7046.jpg )
Follow Us/pcq/media/media_files/2025/12/12/chrome-faces-fresh-zero-day-heat-as-attackers-exploit-hidden-high-severity-flaw-2025-12-12-10-21-58.jpg)
Google has rolled out an emergency update for its Chrome browser after discovering that a serious security flaw is already being used in real attacks. The company is keeping details quiet for now. The bug is listed internally as 466192044, and Google is holding back technical information until more users have a chance to update safely.
A quiet little bug with big consequences
Google has not shared the exact nature of the flaw, but a related GitHub commit hints at a possible issue inside ANGLE, the graphics layer that helps Chrome render webpages. The commit mentions that the Metal renderer was using the wrong value when calculating buffer sizes.
That hint suggests there might be a memory corruption problem, something attackers sometimes use to take control of a browser just by getting someone to visit a compromised webpage. Nothing has been confirmed yet, but Google has made it clear that the vulnerability is being actively exploited in the wild. As for who is behind the attacks, or how widespread they are, that part is still unknown.
More zero-days than usual this year
This new fix adds to a growing number of zero-day patches Chrome has already pushed in 2025. It is a reminder that browser security remains under constant stress, especially in parts of the code that handle graphics and memory. Google typically reveals more once most users have updated, so more detail may become available later. Alongside the main zero-day fix, Google also resolved two medium-level issues. One affected the Password Manager and involved a use-after-free bug.
The other was a simpler implementation glitch in the Toolbar. Both have CVE identifiers assigned, though Google has not yet shared their full descriptions.
Why Google is keeping things quiet
Whenever a vulnerability is being used in real attacks, Google usually avoids publishing too much technical information too quickly. Revealing the details before companies have time to update thousands of machines could give more attackers a chance to copy the exploit. Holding back buys everyone a little breathing room.
What you should do now
If you use Chrome, it is a good idea to update as soon as possible. Here are the versions to look for:
Windows and macOS users should move to version 143.0.7499.109 or 143.0.7499.110.
Linux users should update to version 143.0.7499.109.
To update Chrome:
Open the browser.
Go to Menu > Help > About Google Chrome.
Let Chrome download the update.
Restart the browser.
If you use another Chromium-based browser, such as Microsoft Edge, Brave, Opera, or Vivaldi, keep an eye out for their updates as well. They rely on the same underlying engine, so they usually receive similar fixes.
A reminder of how valuable browsers have become
Browsers are at the center of so much of everyday life. People use them for work, school, gaming, banking, messaging, and even creative projects. Because of that, they attract a lot of attention from cybercriminals. Vulnerabilities that trigger simply by loading a webpage are especially worrying, since a single visit can be enough to cause trouble.
This latest zero-day is another reminder that deep technical glitches can spill into real-world messes. For now, just do the basics: update Chrome, stay alert, and wait for Google to fill in the blanks once things calm down.
More For You
Zero-click agentic browser attack threatens Google Drive safety
How to Recover Hacked WhatsApp Account: Signs, Fixes, and Safety Tips
India’s Bold SIM-Locked Messaging Rule Reshapes Digital Security