• Posted by: Eng. Donya Bino
• December 11, 2025

Google Patches Actively Exploited Chrome Zero-Day in ANGLE Renderer

Google has rolled out urgent security updates for its Chrome browser to fix three vulnerabilities, including one actively being exploited in the wild. The company is keeping many of the technical details under wraps to prevent further attacks, but some information has emerged via Chromium’s public repositories.

The actively exploited flaw, tracked internally as Chromium issue 466192044, appears to be a buffer overflow in the Almost Native Graphics Layer Engine (ANGLE) library, specifically in its Metal renderer. A GitHub commit notes that the problem stems from improper buffer sizing, which could result in memory corruption, program crashes, or potentially allow attackers to run arbitrary code.

"Google is aware that an exploit for 466192044 exists in the wild," the company said, adding that details are being coordinated carefully to protect users. While Google hasn’t disclosed which users or systems may have been targeted, the advice is simple: update your browser immediately.

Other Vulnerabilities Addressed
The latest Chrome update tackles a total of eight zero-day flaws that have either been actively exploited or demonstrated as proofs-of-concept this year, including:
1. CVE-2025-2783
2. CVE-2025-4664
3. CVE-2025-5419
4. CVE-2025-6554
5. CVE-2025-6558
6. CVE-2025-10585
7. CVE-2025-13223

In addition, two medium-severity vulnerabilities have also been patched:
1. CVE-2025-14372 – Use-after-free in Password Manager
2. CVE-2025-14373 – Implementation issue in Toolbar

Updating Chrome
To stay protected, users should upgrade to:
1. Windows/macOS: 143.0.7499.109/.110
2. Linux: 143.0.7499.109

Simply go to More > Help > About Google Chrome and click Relaunch to apply the latest security updates.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also keep an eye out for their own updates to stay protected.

Source: The Hacker News