Google fixes super-secret 8th Chrome 0-day
Summary
Google pushed an emergency Chrome update to patch a high-severity zero-day that is already being exploited in the wild — the eighth such Chrome 0-day in 2025. Details remain scarce: there is no public CVE yet (tracked internally as 466192044 and listed as “under coordination”), and Google has not disclosed the vulnerability type or the reporter.
The stable updates to install are: 143.0.7499.109/.110 for macOS and Windows, and 143.0.7499.109 for Linux. The release also includes fixes for two medium-severity issues: CVE-2025-14372 (use-after-free in Password Manager, reported by Weipeng Jiang) and CVE-2025-14373 (inappropriate implementation in Toolbar, reported by Khalil Zhani).
Key Points
- Google released an emergency fix for a Chrome zero-day currently exploited in the wild (internal tracking: 466192044).
- No CVE number publicly assigned yet; Google lists the issue as “under coordination.”
- Immediate update versions: 143.0.7499.109/.110 for macOS and Windows; 143.0.7499.109 for Linux.
- Update also fixes CVE-2025-14372 (use-after-free in Password Manager) and CVE-2025-14373 (Toolbar implementation issue).
- This is Chrome’s eighth zero-day of 2025, following a recent string of high-profile fixes including a V8 type-confusion bug and exploited Android bugs.
Author style
Punchy: this matters. An exploited zero-day in Chrome is a direct, immediate risk to users and organisations. Read the details if you manage endpoints or browser fleets — the update is non-negotiable.
Context and relevance
Chrome continuing to suffer multiple exploited zero-days in 2025 is part of a broader pattern of active, sophisticated attacks against widely used platform components. Browsers are high-value targets because exploits can lead to remote code execution or full system compromise.
For IT teams and security professionals this means urgent patching, prioritising browser update rollouts, and monitoring for any signs of exploitation. For regular users: the fastest defence is to update your browser now.
Why should I read this?
Short version: it’s a live exploit. If you use Chrome, hit update. If you manage devices, push this patch today. We’ve cut the fluff so you know what to do right now.