Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year.
“Google is aware that an exploit for 466192044 exists in the wild,” Google said in a security advisory issued on Wednesday.
The company has now fixed this high-severity vulnerability for users in the Stable Desktop channel, with new versions rolling out worldwide to Windows (143.0.7499.109), macOS (143.0.7499.110), and Linux users (143.0.7499.109).
While the security patch could take days or weeks to reach all users, according to Google, it was immediately available when BleepingComputer checked for updates earlier today.
If you prefer not to update manually, you can also let your web browser check for updates automatically and install them after the next launch.
Although Google didn’t share any other details about this zero-day bug, including the CVE ID used to track it, and said it’s still “under coordination.”
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” it noted.
However, according to the Chromium bug ID, the flaw was found in Google’s open-source LibANGLE library, which translates OpenGL ES graphics calls into other APIs such as Direct3D, Vulkan, or Metal, and enables OpenGL ES apps to run on systems that don’t natively support it or where alternative graphics APIs offer better performance.
According to the Chromium bug report, the zero-day is a buffer overflow vulnerability in ANGLE’s Metal renderer caused by improper buffer sizing, which could lead to memory corruption, crashes, sensitive information leaks, and arbitrary code execution.
Since the start of the year, Google has fixed seven other zero-day flaws exploited in attacks. In November, September, and July, it addressed two actively exploited zero-day (CVE-2025-13223, CVE-2025-10585, and CVE-2025-6558) reported by Google’s Threat Analysis Group (TAG) researchers.
It released additional security updates in May to address a zero-day (CVE-2025-4664) that allowed threat actors to hijack accounts, and in June, it fixed another one (CVE-2025-5419) in the V8 JavaScript engine, also discovered by Google TAG.
In March, it also patched a high-severity sandbox escape flaw (CVE-2025-2783) reported by Kaspersky, which was exploited in espionage attacks targeting Russian government organizations and media outlets.
Broken IAM isn’t just an IT problem – the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.