Google Issues Critical Chrome Update Fixing Actively Exploited Zero-Day in ANGLE Library

On December 11, 2025, Google released a critical security update for its Chrome browser, addressing three vulnerabilities, one of which is currently being actively exploited in the wild. This high-severity flaw is identified by the Chromium issue tracker ID 466192044. Unlike typical disclosures, Google has withheld specific details regarding the CVE identifier, the affected component, and the exact nature of the vulnerability.

However, insights from a GitHub commit associated with this issue reveal that the flaw resides within Google’s open-source Almost Native Graphics Layer Engine (ANGLE) library. The commit message indicates a problem in the Metal renderer of ANGLE, stating: "Metal: Don’t use pixelsDepthPitch to size buffers. pixelsDepthPitch is based on GL_UNPACK_IMAGE_HEIGHT, which can be smaller than the image height." This suggests that the vulnerability is likely a buffer overflow issue caused by improper buffer sizing in ANGLE’s Metal renderer. Such flaws can lead to memory corruption, application crashes, or even arbitrary code execution.
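The sizing mistake the commit message describes can be shown with a simplified model, added here as an illustration and not taken from ANGLE's source. The struct, function names and sample dimensions are hypothetical; the sketch assumes the destination holds tightly packed rows and compares a size derived from the depth pitch with the size the image extent actually requires.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of GL pixel-unpack state. Hypothetical names, not ANGLE's. */
typedef struct {
    uint32_t row_length;   /* GL_UNPACK_ROW_LENGTH; 0 means "use image width" */
    uint32_t image_height; /* GL_UNPACK_IMAGE_HEIGHT; 0 means "use image height" */
} unpack_state;

/* Overflow-checked multiply: returns false instead of wrapping. */
static bool mul(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Pattern the commit message warns against: size follows the unpack state. */
static bool size_from_depth_pitch(const unpack_state *u, uint32_t w, uint32_t h,
                                  uint32_t d, uint32_t bpp, size_t *out) {
    size_t row_pitch, depth_pitch;
    size_t rows = u->image_height ? u->image_height : h;
    return mul(u->row_length ? u->row_length : w, bpp, &row_pitch) &&
           mul(row_pitch, rows, &depth_pitch) && mul(depth_pitch, d, out);
}

/* Sizing from the extent that is actually written (tightly packed rows). */
static bool size_from_extent(uint32_t w, uint32_t h, uint32_t d, uint32_t bpp,
                             size_t *out) {
    size_t row, slice;
    return mul(w, bpp, &row) && mul(row, h, &slice) && mul(slice, d, out);
}

/* Guard to run before any copy into a buffer of alloc bytes. */
static bool staging_size_ok(size_t alloc, uint32_t w, uint32_t h, uint32_t d,
                            uint32_t bpp) {
    size_t need;
    return size_from_extent(w, h, d, bpp, &need) && alloc >= need;
}

int main(void) {
    unpack_state u = {0, 2}; /* constructed: unpack height 2, image height 8 */
    size_t a = 0, b = 0;
    size_from_depth_pitch(&u, 4, 8, 1, 4, &a);
    size_from_extent(4, 8, 1, 4, &b);
    printf("from depth pitch: %zu, required: %zu\n", a, b);
    return 0;
}
```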

Google has acknowledged the active exploitation of this vulnerability, stating, "Google is aware that an exploit for 466192044 exists in the wild," and mentioned that further details are under coordination. As is customary, the company has not disclosed information about the threat actors involved, potential targets, or the scale of the attacks. This approach aims to ensure that users have adequate time to apply the necessary updates before more malicious entities can exploit the flaw.

This recent update marks the eighth zero-day vulnerability in Chrome that Google has addressed in 2025. The previous vulnerabilities include:

– CVE-2025-2783
– CVE-2025-4664
– CVE-2025-5419
– CVE-2025-6554
– CVE-2025-6558
– CVE-2025-10585
– CVE-2025-13223

In addition to the high-severity flaw, the update also addresses two medium-severity vulnerabilities:

– CVE-2025-14372: A use-after-free issue in the Password Manager.
– CVE-2025-14373: An inappropriate implementation in the Toolbar.

To protect against potential threats, users are strongly advised to update their Chrome browser to versions 143.0.7499.109/.110 for Windows and macOS, and 143.0.7499.109 for Linux. To ensure the latest updates are installed, navigate to More > Help > About Google Chrome and select Relaunch.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also apply the fixes as they become available to maintain security.