Google has launched emergency updates to repair one other Chrome zero-day vulnerability exploited within the wild, marking the eighth such safety flaw patched because the begin of the 12 months.
“Google is conscious that an exploit for 466192044 exists within the wild,” Google mentioned in a safety advisory issued on Wednesday.
The corporate has now fastened this high-severity vulnerability for customers within the Steady Desktop channel, with new variations rolling out worldwide to Home windows (143.0.7499.109), macOS (143.0.7499.110), and Linux customers (143.0.7499.109).
Whereas the safety patch might take days or even weeks to achieve all customers, in keeping with Google, it was instantly obtainable when BleepingComputer checked for updates earlier immediately.
When you want to not replace manually, it’s also possible to let your net browser examine for updates mechanically and set up them after the following launch.
Though Google did not share every other particulars about this zero-day bug, together with the CVE ID used to trace it, and mentioned it is nonetheless “below coordination.”
“Entry to bug particulars and hyperlinks could also be saved restricted till a majority of customers are up to date with a repair. We may also retain restrictions if the bug exists in a 3rd get together library that different tasks equally rely on, however have not but fastened,” it famous.
Nonetheless, in keeping with the Chromium bug ID, the flaw was present in Google’s open-source LibANGLE library, which interprets OpenGL ES graphics calls into different APIs corresponding to Direct3D, Vulkan, or Metallic, and allows OpenGL ES apps to run on methods that do not natively assist it or the place different graphics APIs provide higher efficiency.
In line with the Chromium bug report, the zero-day is a buffer overflow vulnerability in ANGLE’s Metallic renderer attributable to improper buffer sizing, which might result in reminiscence corruption, crashes, delicate info leaks, and arbitrary code execution.
For the reason that begin of the 12 months, Google has fastened seven different zero-day flaws exploited in assaults. In November, September, and July, it addressed two actively exploited zero-day (CVE-2025-13223, CVE-2025-10585, and CVE-2025-6558) reported by Google’s Menace Evaluation Group (TAG) researchers.
It launched extra safety updates in Might to handle a zero-day (CVE-2025-4664) that allowed menace actors to hijack accounts, and in June, it fastened one other one (CVE-2025-5419) within the V8 JavaScript engine, additionally found by Google TAG.
In March, it additionally patched a high-severity sandbox escape flaw (CVE-2025-2783) reported by Kaspersky, which was exploited in espionage assaults concentrating on Russian authorities organizations and media shops.
Damaged IAM is not simply an IT downside – the influence ripples throughout your entire enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with trendy calls for, examples of what “good” IAM appears to be like like, and a easy guidelines for constructing a scalable technique.
