Overview
- Google confirmed active exploitation of a flaw tracked as 466192044 and released out-of-band updates to Chrome Stable on Windows, macOS, Linux, Android, and ChromeOS.
- Patched desktop versions include 143.0.7499.109/.110, and the patched Android version is 143.0.7499.109. A ChromeOS update with browser 142.0.7444.234 is rolling out. Users are advised to update and restart promptly.
- A Chromium commit links the flaw to a buffer-sizing error in ANGLE’s Metal renderer that could enable memory corruption, crashes, sensitive data exposure, or arbitrary code execution.
- Google also fixed CVE-2025-14372 in Password Manager and CVE-2025-14373 in Toolbar, both reported by external researchers.
- This is the eighth Chrome zero-day addressed in 2025. Other Chromium-based browsers are urged to adopt Chromium 143 or backport patches; Edge and Brave have already updated.
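
To check a fleet against the patched builds listed above, the following added example (not from Google or the Chromium project) audits a browser inventory and reports hosts that still need the update. The CSV layout, host names and sample versions are constructed, and treating any build at or above the listed one as fixed is an assumption.

```python
import csv
import io

# Patched Chrome builds from the overview, per platform. Assumption: any build
# at or above these is fixed. Other Chromium browsers number builds differently.
PATCHED = {
    "windows": (143, 0, 7499, 109),
    "macos": (143, 0, 7499, 109),
    "linux": (143, 0, 7499, 109),
    "android": (143, 0, 7499, 109),
    "chromeos": (142, 0, 7444, 234),
}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,platform,chrome_version
wks-001,windows,143.0.7499.110
wks-002,windows,143.0.7499.41
mac-003,macOS,142.0.7444.176
cb-004,chromeos,142.0.7444.234
cb-005,chromeos,142.0.7444.59
and-006,android,143.0.7499.109
lnx-007,linux,unknown
kiosk-008,freebsd,143.0.7499.109
"""

def parse_version(text):
    """Turn 'a.b.c.d' into an int tuple so .41 sorts below .109."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Return (host, status) for every host that is not confirmed patched."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"]
        baseline = PATCHED.get((row.get("platform") or "").strip().lower())
        if baseline is None:
            findings.append((host, "unknown-platform"))
            continue
        try:
            version = parse_version(row.get("chrome_version") or "")
        except ValueError:
            findings.append((host, "unparseable-version"))
            continue
        if version < baseline:
            findings.append((host, "needs-update"))
    return findings

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

An inventory only reflects the installed build; a browser that has updated but not restarted still runs the old code, so the restart step needs to be confirmed separately.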