Google has addressed three vulnerabilities in the Chrome browser, including a high-severity bug that is being actively exploited by threat actors. The update fixes multiple security bugs to improve security for users worldwide.
Google has released security updates to fix three vulnerabilities in the Chrome browser, including a high-severity flaw that threat actors are already exploiting in real-world attacks. The vulnerability, identified as Chromium issue 466192044, was discovered by a researcher who reported it on GitHub and subsequently notified Google about the exploit.
The high-severity vulnerability lies in the ANGLE graphics library, specifically its Metal renderer, where buffer sizes were incorrectly calculated using pixelsDepthPitch, derived from GL_UNPACK_IMAGE_HEIGHT. This incorrect calculation can cause buffer overflows, leading to memory corruption, crashes, or potentially arbitrary code execution. As a result, threat actors are able to exploit this vulnerability to execute malicious code on systems running the affected version of Chrome.
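An added example (not ANGLE's code or the actual patch) of how a buffer size taken from a depth pitch can fall short of the bytes a copy writes when GL_UNPACK_IMAGE_HEIGHT is smaller than the copied height. The upload_t struct, the function names and the tightly packed copy layout are assumptions made for illustration; only the names pixelsDepthPitch and GL_UNPACK_IMAGE_HEIGHT come from the article.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical upload description; field names are assumptions, not ANGLE's. */
typedef struct {
    uint32_t width, height, depth;  /* texels actually copied */
    uint32_t bytes_per_pixel;
    uint32_t unpack_image_height;   /* GL_UNPACK_IMAGE_HEIGHT; 0 means "use height" */
} upload_t;

/* Multiply with overflow detection so a wrapped size is never returned. */
static bool mul_ok(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Tightly packed row pitch (GL_UNPACK_ALIGNMENT and GL_UNPACK_ROW_LENGTH
 * are left out of this example). */
static bool row_pitch(const upload_t *u, size_t *out) {
    return mul_ok(u->width, u->bytes_per_pixel, out);
}

/* Weak: sizes the buffer as depth pitch * depth, where the depth pitch
 * follows GL_UNPACK_IMAGE_HEIGHT rather than the rows being copied. */
bool size_from_depth_pitch(const upload_t *u, size_t *out) {
    size_t rp, dp;
    uint32_t img_h = u->unpack_image_height ? u->unpack_image_height : u->height;
    return row_pitch(u, &rp) && mul_ok(rp, img_h, &dp) && mul_ok(dp, u->depth, out);
}

/* Corrected: sizes the buffer from the rows the copy actually writes. */
bool size_from_copied_rows(const upload_t *u, size_t *out) {
    size_t rp, slice;
    return row_pitch(u, &rp) && mul_ok(rp, u->height, &slice) &&
           mul_ok(slice, u->depth, out);
}

/* Guard to run before the copy: reject if the destination is too small
 * or the required size cannot be represented. */
bool staging_buffer_fits(const upload_t *u, size_t buffer_size) {
    size_t need;
    return size_from_copied_rows(u, &need) && need <= buffer_size;
}
```

With a constructed 64x64x4 RGBA upload and an image height of 16, the depth-pitch size is 16384 bytes while the copy writes 65536, so the guard rejects the smaller buffer.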
In addition to addressing the high-severity bug, Google also fixed two medium-severity vulnerabilities identified as CVE-2025-14372 and CVE-2025-14373. The first of these, CVE-2025-14372, is a use-after-free issue in the Password Manager component of Chrome. The second vulnerability, CVE-2025-14373, is an inappropriate implementation in the Toolbar component.
These vulnerabilities are part of a series of seven zero-day flaws that Google has addressed this year, including CVE-2025-6554, CVE-2025-10585, CVE-2025-6558, CVE-2025-5419, CVE-2025-4664, and CVE-2025-2783. These vulnerabilities were discovered by researchers who reported them to Google and subsequently notified the company about the exploits.
As part of its security update process, Chrome Stable has been updated to version 143.0.7499.109/.110 for Windows/macOS and 143.0.7499.109 for Linux, and will roll out over the coming days/weeks. The full changes are listed in the build log.
Google's proactive approach to addressing vulnerabilities and providing security updates is crucial in protecting users from the ever-evolving landscape of cyber threats. By staying on top of the latest security issues and releasing patches quickly, Google can help prevent exploitation of zero-day flaws like Chromium issue 466192044.