Google Patches Zero-day Vulnerability Exploited in Attack
Google has issued urgent updates to address another Chrome zero-day vulnerability that is actively being exploited in the wild, making it the eighth security flaw fixed since the beginning of the year.
The previously fixed zero-days are listed below:
- CVE-2025-13223
- CVE-2025-10585
- CVE-2025-6558
- CVE-2025-6554
- CVE-2025-5419
- CVE-2025-2783
- CVE-2025-4664
Google has not provided any information about the vulnerability, which is tracked as 466192044. The advisory says it is under coordination. Google mentioned in the advisory that it is aware that an exploit for CVE-2019-466192044 exists in the wild.
Google addressed two more vulnerabilities in the advisory.
- CVE-2025-14372: Use-After-Free vulnerability in Password Manager.
- CVE-2025-14373: Inappropriate implementation in Toolbar.
Affected Versions
The vulnerability affects Google Chrome versions before 143.0.7499.109.
Mitigation
Customers must upgrade to the latest stable channel version 143.0.7499.109/.110 for Windows/Mac and 143.0.7499.109 for Linux.
For more information, please refer to the Google Chrome Release Page.
Qualys Detection
Qualys customers can scan their devices with QID 386201 to detect vulnerable assets.
Rapid Response with TruRisk Eliminate
Qualys TruRisk Eliminate and its Zero-Touch Patching feature provide a seamless, automated process for patching vulnerabilities like this.
Zero-Touch Patching identifies the most vulnerable products in your environment and automates the deployment of necessary patches and configuration adjustments. This streamlines the patching process, ensuring that vulnerabilities are addressed promptly.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html
