Outbreak Alert - Google Chrome 0-Day Vulnerability

ICS Labs’ CTI team has identified alerts regarding a critical vulnerability in the Google Chrome browser, tracked under ID 466192044 in Chromium, which is being actively exploited.

The flaw, classified as high severity, affects the Almost Native Graphics Layer Engine (ANGLE) library, specifically in the Metal renderer, due to an error in buffer sizing based on pixelsDepthPitch. This issue can lead to memory corruption, execution failures, or allow arbitrary code execution. Although full technical details and the official CVE have not yet been disclosed to prevent mass exploitation, it is confirmed that the vulnerability is being used in real-world attacks.

In addition to this flaw, the latest Chrome update addresses other vulnerabilities, including eight zero-days exploited or demonstrated as proof of concept in 2025, such as CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, CVE-2025-6558, CVE-2025-10585, and CVE-2025-13223, as well as two medium-severity issues (CVE-2025-14372 and CVE-2025-14373).

To mitigate risks, it is essential to immediately update Chrome to versions 143.0.7499.109/.110 on Windows and macOS, and 143.0.7499.109 on Linux by navigating to Menu > Help > About Google Chrome and restarting the browser. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply patches as soon as they become available. This update is critical to prevent active exploitation and protect against potential attacks that could compromise system integrity.

Latest Updates:

• December 10, 2025: Google publishes a blog post announcing the existence of these vulnerabilities and urges Chrome users to keep their browsers updated.

• November 11, 2025: Several cybersecurity platforms issue alerts about the vulnerability.