Google released a security update for Chrome on December 10, patching three new vulnerabilities, including a high-severity one that is being actively exploited in the wild. This vulnerability represents the eighth Chrome zero-day exploited in 2025.
The High Severity Zero-Day Vulnerability
Google has issued a security advisory to address a high severity zero-day vulnerability. At the time of publication, Google has not assigned a CVE (Common Vulnerabilities and Exposures) to this flaw. Instead, it is referenced by Google’s internal tracking ID, 466192044.
- Status: Exploited in nature (in the wild).
- Disclosure Details: Google has restricted access to the details of the vulnerability. This policy remains in place until the majority of users have updated with the security patch. Google seeks to prevent further exploitation by not disclosing detailed information about the flaw.
Other Vulnerabilities Patched
The December 10 Chrome security update also includes patches for two vulnerabilities rated as medium severity.
CVE-2025-14372: Use-after-free in Password Manager
- Severity: Rated medium by Google, although the Tenable vulnerability repository assigns it a CVSS v3.0 score of 9.8, suggesting critical severity for some analysts.
- Report: Reported to Google on November 14 by Weipeng Jiang (@Krace) of the Vulnerability Research Institute (VRI).
- CVE Status: The CVE ID is currently reserved by a CVE Numbering Authority (CNA).
CVE-2025-14373: Inappropriate Implementation in the Chrome Toolbar
- Severity: Medium.
- Report: Reported to Google on November 18 by Khalil Zhani.
Conclusion
Google’s quick response in patching this critical zero-day vulnerability underscores the importance of keeping software up to date. The policy of withholding technical details until patches are widely deployed is standard industry practice to mitigate the risk of threat actors using disclosed information to create new exploits. All Google Chrome users are advised to update their browsers immediately to protect themselves against these threats.
References
- Google Chrome Security Advisory (December 10, 2025)
- Vulnerability Research Institute (VRI) (Mentioned in the article)
- Tenable Vulnerability Repository (Mentioned in the article)