Google has pushed out an emergency Chrome update after discovering a mysterious but active attack targeting the browser.
The company confirmed on Wednesday that a real-world exploit exists but declined to share specifics, calling the vulnerability highly severe. The unusual secrecy has raised fresh concerns among security watchers.
The flaw, which currently has no official CVE designation, is being tracked internally as “466192044.” Google says it rushed the patch due to the active exploitation but is still coordinating with cybersecurity authorities before assigning a CVE number.
The lack of information is unusual. Google typically describes the nature of a flaw—such as a memory error, use-after-free bug or sandbox escape—while withholding deeper technical data to avoid enabling attackers. In this case, even the general category of vulnerability remains unknown.
Researchers link bug
Despite the silence, cybersecurity outlet The Hacker News traced the internal tracking number to a publicly viewable bug ID in the Chromium project. That bug appears tied to ANGLE, Google’s open-source graphics translation layer.
ANGLE serves as Chrome’s rendering engine on Windows, translating graphics commands to different systems. The linked GitHub report hints at a possible buffer overflow, a type of vulnerability known to cause crashes or enable the execution of malicious code.
Google did not respond to requests for comment, leaving the connection unconfirmed.
Updates rolling out across platforms
Versions containing fix
The emergency patch is now available through:
-
Chrome 143.0.7499.109/.110 for Windows and Mac
-
Chrome 143.0.7499.109 for Linux
Google says the update will roll out over the coming days and weeks, though some users—including in newsrooms—received it immediately.
How to update manually
Users can force the update by navigating to:
Settings → About Chrome → Relaunch
Chrome may also apply the patch automatically after a restart. Google has additionally directed users to its support page for manual downloads.
Because Microsoft Edge is built on Google’s Chromium engine, the company confirmed it too is affected.
“Microsoft is aware of the recent exploits existing in the wild. We are actively working on releasing a security fix,” the company said.
This means millions of users across both browsers could be at risk until updates are fully deployed.
