CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Eighth Chrome Zero-Day Vulnerability Patched in 2025

First reported
Last updated
3 unique sources, 3 articles

Summary

Hide ▲

Google has released an emergency update to fix a high-severity zero-day vulnerability (466192044) in Chrome, marking the eighth such flaw exploited in attacks in 2025. The vulnerability, a buffer overflow in the ANGLE's Metal renderer, affects Chrome versions for Windows, macOS, and Linux. Google has not disclosed further details, including the CVE ID, as the issue remains under coordination. The flaw could lead to memory corruption, crashes, sensitive information leaks, and arbitrary code execution. Users are advised to update their browsers to versions 143.0.7499.109 for Windows and Linux, and 143.0.7499.110 for macOS. This update also addresses two additional medium-severity vulnerabilities (CVE-2025-14372 and CVE-2025-14373). Additionally, Google has released patches for three new Chrome zero-day vulnerabilities, including a high-severity one for which an exploit is accessible in the wild. The high-severity zero-day is referred to only by Google’s internal tracker ID, 466192044, with no CVE attributed at this stage. The status of the vulnerability is marked as 'Under coordination.' Access to the details of a vulnerability may be kept restricted until a majority of users are updated with a fix.

Timeline

  1. 11.12.2025 10:01 3 articles · 1d ago

    Eighth Chrome Zero-Day Vulnerability Patched in 2025

    Google has released an emergency update to fix a high-severity zero-day vulnerability (466192044) in Chrome, marking the eighth such flaw exploited in attacks in 2025. The vulnerability, a buffer overflow in the ANGLE's Metal renderer, affects Chrome versions for Windows, macOS, and Linux. Google has not disclosed further details, including the CVE ID, as the issue remains under coordination. The flaw could lead to memory corruption, crashes, sensitive information leaks, and arbitrary code execution. Users are advised to update their browsers to versions 143.0.7499.109 for Windows and Linux, and 143.0.7499.110 for macOS. This update also addresses two additional medium-severity vulnerabilities (CVE-2025-14372 and CVE-2025-14373). Additionally, Google has released patches for three new Chrome zero-day vulnerabilities, including a high-severity one for which an exploit is accessible in the wild. The high-severity zero-day is referred to only by Google’s internal tracker ID, 466192044, with no CVE attributed at this stage. The status of the vulnerability is marked as 'Under coordination.' Access to the details of a vulnerability may be kept restricted until a majority of users are updated with a fix.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Google Patches Two Exploited Android Framework Vulnerabilities

Google released December 2025 Android security updates addressing 107 vulnerabilities, including two Framework bugs (CVE-2025-48633, CVE-2025-48572) actively exploited in limited, targeted attacks. The updates also fixed a critical Framework flaw (CVE-2025-48631) enabling remote DoS without additional privileges. Patches are available in two levels (2025-12-01, 2025-12-05) for faster manufacturer adoption. The vulnerabilities affect Android versions 13, 14, 15, and 16, and the patches will address 56 additional vulnerabilities affecting Android components in the kernel or third-party components. Similar flaws in the past were used for targeted exploitation by commercial spyware or nation-state operations targeting a small number of high-interest individuals. The updates address four critical-severity fixes for elevation-of-privilege flaws in the Kernel's Pkvm and UOMMU subcomponents, and two critical fixes for Qualcomm-powered devices (CVE-2025-47319 and CVE-2025-47372). Samsung published its security bulletin, including ported fixes from the Google update and vendor-specific fixes. Devices on Android 10 and later may receive some crucial fixes via Google Play system updates. Play Protect can detect and block documented malware and attack chains, so users of any Android version should keep the component up to date and active.

Open in new tab

High-Severity Flaws Patched in Firefox 145 and Chrome 142

Mozilla and Google released updates for Firefox and Chrome, addressing multiple high-severity vulnerabilities. Firefox 145 fixes 16 flaws, including nine high-severity issues, while Chrome 142 resolves a critical V8 JavaScript engine flaw. Both updates include improvements to security and functionality.

Open in new tab

Memento Labs linked to Chrome zero-day exploitation in Operation ForumTroll

Operation ForumTroll, discovered in March 2025, targeted Russian organizations using a zero-day vulnerability in Google Chrome (CVE-2025-2783). The campaign, also tracked as TaxOff/Team 46 by Positive Technologies and Prosperous Werewolf by BI.ZONE, delivered malware linked to the Italian spyware vendor Memento Labs. The attacks used phishing emails with malicious links to infect victims, targeting media outlets, universities, research centers, government organizations, financial institutions, and other organizations in Russia and Belarus. The malware, identified as LeetAgent and Dante, was used to steal data and maintain persistence on compromised systems. Memento Labs, formed after InTheCyber Group acquired Hacking Team, presented its Dante spyware at a conference in 2023. The malware was used in attacks dating back to at least 2022. The attacks involved sophisticated techniques to ensure only targeted victims were compromised. The zero-day vulnerability (CVE-2025-2783) was discovered and reported to Google by researchers at Kaspersky Lab earlier in 2025. The exploit bypassed Chrome's sandbox protections by exploiting a logic vulnerability in Chrome caused by an obscure quirk in the Windows OS. The exploit used pseudo handles to disable sandbox functionality, allowing unauthorized access to privileged processes. The exploit represents a new class of vulnerabilities that could affect other applications and Windows services. The group known as Mem3nt0 mori, also referred to as ForumTroll APT, is linked to Operation ForumTroll. The attacks began in March 2025 with highly personalized phishing emails inviting victims to the Primakov Readings forum. The flaw in Chrome stemmed from a logical oversight in Windows' handling of pseudo handles, allowing attackers to execute code in Chrome's browser process. Google patched the issue in version 134.0.6998.177/.178. Firefox developers found a related issue in their browser, addressed as CVE-2025-2857. Kaspersky's researchers concluded that Mem3nt0 mori leveraged Dante-based components in the ForumTroll campaign, marking the first observed use of this commercial spyware in the wild. The discovery underscores ongoing risks from state-aligned and commercial surveillance vendors. Kaspersky urged security researchers to examine other software and Windows services for similar pseudo-handle vulnerabilities.

Open in new tab

Cursor and Windsurf IDEs vulnerable to 94+ n-day Chromium issues

Cursor and Windsurf IDEs are vulnerable to over 94 known and patched security issues in the Chromium browser and V8 JavaScript engine. The vulnerabilities affect approximately 1.8 million developers using these AI-powered code editors. The IDEs are built on outdated versions of the Electron framework, which embeds Chromium and V8, exposing them to vulnerabilities that have been fixed in newer versions. The vulnerabilities can be exploited to cause denial of service or arbitrary code execution. The risks were disclosed responsibly on October 12, but the developers have not addressed them. Cursor considered the report out of scope, and Windsurf did not respond.

Open in new tab

Zero-day in Google Chrome exploited in the wild

Google has patched a zero-day vulnerability (CVE-2025-10585) in the Chrome web browser that has been actively exploited in the wild. The vulnerability is a type confusion issue in the V8 JavaScript and WebAssembly engine. The exploit details, actors involved, and the scale of exploitation remain undisclosed. The flaw is the sixth zero-day in Chrome that has been actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year. Google has released security updates to address the vulnerability.

Open in new tab