The Google Chrome browser recently released a version update blog to reveal the security vulnerabilities currently discovered. For this reason, Google has launched Google Chrome v143.0.7499.109/110 version to fix it. One of the vulnerabilities has been confirmed to be actively exploited by hackers and is more harmful. Therefore, it is recommended that all users update immediately.

Here is the list of vulnerabilities:

466192044: The vulnerability level is high and the details of the vulnerability have not been released. This vulnerability has been exploited by hackers in real environments.

460599518: Vulnerability level, CVE-2025-14372, a use-after-free vulnerability in Google Chrome Password Manager, reported by @Weipeng Jiang

461532432: Vulnerability class CVE-2025-14373, improper implementation of the toolbar in Google Chrome, reported by @Khalil Zhani

After the Chromium vulnerability ID was assigned, it was discovered that the exploited 466192044 vulnerability belongs to Google's open source LibANGLE library. The function of this open source library is to convert OpenGL ES graphics calls to other APIs (such as D3D), allowing OpenGL ES applications to provide better performance on systems that are not natively supported.

The general situation of the vulnerability is that there is an overflow caused by improper buffer size in the ANGLE Metal renderer, which may lead to memory corruption, crash, leakage of sensitive information, or arbitrary code execution. From this point of view, it is natural that the vulnerability level is rated as high.

As usual, Google will not announce the details of the vulnerability for the time being when most users have not upgraded to a new version that is not affected. That is to say, the communication logs disclosing the vulnerability currently require a login account and require permission authentication. Only Google engineers and some security researchers can view the vulnerability.

Interested security practitioners can look for this vulnerability number in the Chromium vulnerability list in about 90 days. By then, the specific vulnerability details should be viewable without permission and can be used for learning.