Google fixes super-secret 8th Chrome 0-day

Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world’s most popular browser’s eighth zero-day bug of 2025.

We have even fewer than usual details about this security flaw, and the missing details as of early Thursday include a CVE (still listed as “under coordination”), what type of vulnerability Google fixed in Chrome, and who spotted and reported the security hole. 

As of now, the high-severity bug is tracked as 466192044, and all the Chocolate Factory said in its security update is: “Google is aware that an exploit for 466192044 exists in the wild.”

Google generally withholds bug details until the majority of its users have updated their browsers, but it does typically provide a CVE and the type of weakness that it fixed.

Mac and Windows users should update to 143.0.7499.109/.110 to address the issue, and 143.0.7499.109 is the update for Linux systems.

In addition to plugging 466192044, the latest Chrome update also includes a fix for a medium-severity use-after-free flaw in Password Manager, tracked as CVE-2025-14372 and reported by Weipeng Jiang.

Plus, another medium-severity security hole, CVE-2025-14373, that’s due to inappropriate implementation in Toolbar, now has a fix. Khalil Zhani reported this one.

Chrome’s latest zero-day comes less than a month after Google disclosed and patched its seventh such security issue: CVE-2025-13223, a type confusion flaw in the V8 JavaScript engine that could potentially lead to full system compromise.

This emergency fix also follows two Android bugs that were exploited as zero-days before being fixed in Android’s December update. ®

READ MORE HERE