**Google Fixes Actively Exploited Chrome Zero-Day Vulnerability**

Google has addressed a high-severity vulnerability in its Chrome browser that is currently being exploited by threat actors in real-world attacks.

The bug, tracked as Chromium issue 466192044, was discovered to be located in the ANGLE graphics library's Metal renderer. The issue arises from incorrectly calculated buffer sizes using pixelsDepthPitch, derived from GL_UNPACK_IMAGE_HEIGHT. This can lead to buffer overflows, causing memory corruption, crashes, or potentially arbitrary code execution.

Google did not release technical details about the bug, citing the fact that an exploit for the vulnerability already exists in the wild. However, a related GitHub commit provided some insight into the issue, confirming that it lies within the ANGLE graphics library's Metal renderer.

In addition to addressing this high-severity flaw, Google also fixed two medium-severity vulnerabilities through its latest security updates. These patches will be rolled out over the next days and weeks, with Chrome Stable being updated to 143.0.7499.109/.110 for Windows/macOS and 143.0.7499.109 for Linux.

This is not an isolated incident, as Google has addressed seven other zero-day vulnerabilities that were actively exploited in the wild this year alone. The company's dedication to security and frequent updates is a testament to its commitment to protecting users from emerging threats.

**Key Details:**

* **CVE:** Not provided * **Affected Version:** Chrome Stable 143.0.7499.109/.110 (Windows/macOS) and 143.0.7499.109 (Linux) * **Fixed Versions:** Chrome Stable 143.0.7499.109/.110 (Windows/macOS) and 143.0.7499.109 (Linux)

**Follow the Author:**

Stay up-to-date on the latest security news by following me on:

• @securityaffairs
• Facebook
• Mastodon