Update now warning for all Chrome users.
dpa/picture alliance via Getty Images
Just days after warning that Android is under attack, with two vulnerabilities now being exploited in the wild, Google has confirmed the same for Chrome. Another zero-day. Another warning attacks are underway. Another emergency update.
Google Confirms Android Attacks—No Fix For Most Samsung Users
“Google is aware that an exploit for 466192044 exists in the wild,” the company warned in its late Dec. 10 release. This is a high-severity vulnerability but a critical update. This doesn’t even have a CVE tag yet. Google just says it’s “under coordination.”
For desktop users, “the Stable channel has been updated to 143.0.7499.109/.110 for Windows/Mac and 143.0.7499.109 for Linux.” Meanwhile, “ChromeOS version 16433.65.0 (Browser version 142.0.7444.234) has rolled out” and Google has also “just released Chrome 143 (143.0.7499.109) for Android.”
It’s usual for Google to keep “access to bug details and links restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
But it’s unusual for a fix to be rushed out so quickly there are not even the usual classifications that enable the security industry to track updates and fixes. That tells us this emergency update moved from disclosure to release immediately, which suggests attacks may be more serious that a typical, targeted Chrome zero-day might suggest.
If You See This Google Message, Your Gmail Is Under Attack
In addition to the emergency fix, Google has also patched CVE-2025-14372, a “use after free in Password Manager” and CVE-2025-14373, an “inappropriate implementation in Toolbar.” Both of these were disclosed by external researchers. The password manager CVE is interesting, given recent concerns on browser-based password management.
As ever, the new update with download automatically and then you will see a flag in your browser to restart. Do that immediately. Your normal tabs will restart but your private browsing “incognito” tabs will not. So save any work before you restart.
