Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2025/12/chrome-targeted-by-active-in-wild.html

ONE SENTENCE SUMMARY:

Google released Chrome security updates to fix three critical vulnerabilities, including an actively exploited zero-day, urging immediate user updates.

MAIN POINTS:

1. Google addressed three security flaws in Chrome, including an actively exploited high-severity vulnerability.
2. Information about the CVE identifier, affected component, and flaw nature remains undisclosed.
3. Disclosure delay ensures widespread user updates and hinders reverse engineering for exploits.
4. Eight zero-day flaws have been addressed in Chrome since early 2025.
5. Additional medium-severity vulnerabilities were fixed, including issues in Password Manager and Toolbar.
6. Chrome users should update to versions 143.0.7499.109/.110 for Windows/macOS and 143.0.7499.109 for Linux.
7. Update process involves navigating to More > Help > About Google Chrome and selecting Relaunch.
8. Other Chromium-based browser users, like Microsoft Edge and Brave, should also apply available updates.
9. Detailed threat actor and target information remains withheld for security reasons.
10. Users are advised to apply patches promptly to safeguard against potential threats.

TAKEAWAYS:

1. Immediate update of Chrome is crucial due to actively exploited vulnerabilities.
2. Keeping update details private helps protect against further exploits.
3. Regular updates are essential as numerous zero-day flaws have been targeted.
4. Other Chromium browsers require similar vigilance and updates.
5. User diligence in applying updates significantly enhances security.