Google issues urgent Chrome update to fix a mysterious 0-day exploit

Google has fixed three vulnerabilities in the new Chrome versions 143.0.7499.109/101 for Windows and macOS and 143.0.7499.109 for Linux. According to Google, one of these vulnerabilities is already being exploited for attacks. The release of the new Chrome version will be delayed by one day. The manufacturers of other Chromium-based browsers will follow suit in the coming days; Vivaldi has already launched an update.

Srinivas Sista did not initially publish the “Security Fixes and Rewards” section in the Chrome Release Blog. This has happened several times in recent weeks (including the previous week) — too often to be an oversight. Only half a day later does it list the security vulnerabilities that have been fixed, all of which were apparently reported to Google by external researchers.

Google categorizes one of these vulnerabilities as high risk. However, there are still no details about the vulnerability. It says succinctly: “[466192044] High: Under coordination.” So far, there is neither a CVE number nor information on the type of vulnerability or the vulnerable component. The only thing that is clear for now is that it is a 0-day vulnerability. More information should therefore follow soon. The two other vulnerabilities are classified as medium risk.

On December 2, Google released the new Chrome major version 143 with some delay, which fixes several vulnerabilities. Chrome usually updates itself automatically when a new version is available. You can manually initiate the update check using the menu item ” Help ” About Google Chrome. Google has also provided Chrome for Android 143.0.7499.1092 and Chrome for iOS 143.0.7499.108. The same vulnerabilities have been fixed in the Android version as in the desktop versions. The Extended Stable Channel for Windows and macOS now contains Chromium version 142.0.7499.235. Google does not plan to release Chrome 144 until January 2026.

Other Chromium-based browsers

The manufacturers of other Chromium-based browsers are now being called upon to quickly follow suit with updates. Microsoft Edge and Brave have completed the switch to Chromium 143 and are at last week’s security level.

Vivaldi generally ignores odd Chromium versions (such as 143) and instead relies on the extended release channel of the previous version. However, the update to Vivaldi 7.7.3851.61, which was only provided as a bug fix on December 10, already contains Chromium 142.0.7444.237. This Chromium version is also from December 10 and should therefore close all known security gaps, insofar as they affect Chromium 142 at all.

Opera’s browser version 125, which was released on December 4 and is based on Chromium version 141, has initially further reduced the gap to the competition. If the above-mentioned 0-day gap should also affect Chromium 141, the Opera developers would undoubtedly endeavor to backport the patch to Chromium 141.