Severity
High
Analysis Summary
Google has urgently released a security update for the Chrome browser to patch a high-severity zero-day vulnerability actively exploited in the wild. The update pushes Chrome to version 143.0.7499.109/.110 on Windows and Mac and 143.0.7499.109 on Linux, and Google has confirmed that attackers are already leveraging this flaw, tracked internally as Issue 466192044. Because of its active exploitation, the company is urging users and IT administrators to update immediately rather than waiting for the gradual rollout.
The critical zero-day is currently under restricted disclosure, meaning Google has not revealed details about the affected component, exploitation method, or underlying weakness. This approach is standard for zero-day vulnerabilities, as releasing technical information too early could help additional threat actors craft new exploits from the patch. Google also noted that access to further details will remain limited if the bug is connected to a third-party library that other software projects rely on but have not yet patched.
In addition to the actively exploited zero-day, the latest Chrome update includes patches for two medium-severity vulnerabilities reported by external security researchers. CVE-2025-14372 is a use-after-free flaw in the Chrome Password Manager that could lead to memory corruption or code execution. The second issue, CVE-2025-14373, is caused by an inappropriate implementation within the Chrome Toolbar.
To ensure protection against ongoing attacks, users should apply the update manually by navigating to Menu → Help → About Google Chrome, which triggers an automatic update check. Once downloaded, the browser requires a restart to complete installation. With an exploit already active in the wild and additional vulnerabilities addressed in this release, immediate patching is essential to maintain system security and reduce the risk of targeted compromise.
Impact
- Code Execution
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
CVE-2025-14372
CVE-2025-14373
Affected Vendors
Remediation
- Update Chrome immediately to version 143.0.7499.109/.110 (Windows/Mac) or 143.0.7499.109 (Linux) to patch the active zero-day.
- Go to Menu → Help → About Google Chrome to trigger the update, then restart the browser after installation.
- Enable automatic updates to ensure future security patches are applied without delay.
- Monitor Google’s security advisory for additional details once disclosure restrictions are lifted.
- Review browser extensions and remove any untrusted or unnecessary add-ons that may increase attack risk.
- Encourage organization-wide updates by notifying all employees and enforcing browser patching via admin policies.
- Use endpoint protection tools to detect suspicious activity that may indicate exploitation of these vulnerabilities on hosts that have not yet been patched.
- Avoid downloading files or clicking links from unknown sources until all systems are fully patched.
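Where an administrator has a fleet inventory rather than a single About page to look at, this added Python check (not from the advisory or from Google) compares reported Chrome version strings against the fixed builds named above. The inventory rows, hostnames and versions it runs over are constructed for illustration.

```python
# Added example, not the advisory's own code: compare Chrome builds against the
# first fixed versions named above. Inventory rows below are constructed.
import re
from typing import Optional, Tuple

# First fixed build per platform from the advisory (Windows/Mac: 143.0.7499.109/.110,
# Linux: 143.0.7499.109). Anything at or above the minimum carries the fix.
MIN_FIXED = {
    "windows": (143, 0, 7499, 109),
    "mac": (143, 0, 7499, 109),
    "linux": (143, 0, 7499, 109),
}

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Pull a four-part Chrome version (e.g. '143.0.7499.109') out of free text."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(version_text: str, platform: str) -> bool:
    """True if the build is at or above the first fixed build for its platform.
    Unparseable versions and unknown platforms count as NOT patched, so a fleet
    report errs toward flagging hosts for manual review."""
    parsed = parse_version(version_text)
    minimum = MIN_FIXED.get(platform.strip().lower())
    if parsed is None or minimum is None:
        return False
    return parsed >= minimum

def triage_inventory(lines) -> list:
    """Read 'hostname,platform,version' rows; return hosts still exposed."""
    exposed = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment rows
        host, platform, version = (f.strip() for f in line.split(",", 2))
        if not is_patched(version, platform):
            exposed.append(host)
    return exposed

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    "# host,platform,version",
    "ws-01,windows,Google Chrome 143.0.7499.110",   # patched
    "ws-02,windows,143.0.7499.93",                  # older build, exposed
    "mac-07,mac,143.0.7499.109",                    # exactly the fixed build
    "build-03,linux,Chromium 142.0.7444.175",       # previous major, exposed
    "kiosk-09,windows,unknown",                     # unparseable, flagged
]
```

Running `triage_inventory(SAMPLE_INVENTORY)` returns the hosts that still need the update; feed it real rows exported from your inventory or management console.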

