Google has launched emergency updates to repair one other Chrome zero-day vulnerability exploited within the wild, marking the eighth such safety flaw patched for the reason that begin of the 12 months.
“Google is conscious that an exploit for 466192044 exists within the wild,” Google stated in a safety advisory issued on Wednesday.
The corporate has now fastened this high-severity vulnerability for customers within the Steady Desktop channel, with new variations rolling out worldwide to Home windows (143.0.7499.109), macOS (143.0.7499.110), and Linux customers (143.0.7499.109).
Whereas the safety patch may take days or even weeks to achieve all customers, in accordance with Google, it was instantly out there when BleepingComputer checked for updates earlier in the present day.
In case you favor to not replace manually, you can too let your internet browser verify for updates routinely and set up them after the subsequent launch.
Though Google did not share every other particulars about this zero-day bug, together with the CVE ID used to trace it, and stated it is nonetheless “underneath coordination.”
“Entry to bug particulars and hyperlinks could also be saved restricted till a majority of customers are up to date with a repair. We can even retain restrictions if the bug exists in a 3rd get together library that different tasks equally rely on, however have not but fastened,” it famous.
Nevertheless, in accordance with the Chromium bug ID, the flaw was present in Google’s open-source LibANGLE library, which interprets OpenGL ES graphics calls into different APIs akin to Direct3D, Vulkan, or Steel, and permits OpenGL ES apps to run on methods that do not natively help it or the place different graphics APIs supply higher efficiency.
In response to the Chromium bug report, the zero-day is a buffer overflow vulnerability in ANGLE’s Steel renderer brought on by improper buffer sizing, which may result in reminiscence corruption, crashes, delicate info leaks, and arbitrary code execution.
For the reason that begin of the 12 months, Google has fastened seven different zero-day flaws exploited in assaults. In November, September, and July, it addressed two actively exploited zero-day (CVE-2025-13223, CVE-2025-10585, and CVE-2025-6558) reported by Google’s Risk Evaluation Group (TAG) researchers.
It launched further safety updates in Might to handle a zero-day (CVE-2025-4664) that allowed risk actors to hijack accounts, and in June, it fastened one other one (CVE-2025-5419) within the V8 JavaScript engine, additionally found by Google TAG.
In March, it additionally patched a high-severity sandbox escape flaw (CVE-2025-2783) reported by Kaspersky, which was exploited in espionage assaults focusing on Russian authorities organizations and media retailers.
Damaged IAM is not simply an IT downside – the influence ripples throughout your entire enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with fashionable calls for, examples of what “good” IAM seems to be like, and a easy guidelines for constructing a scalable technique.
