Google has released an emergency patch for a new Chrome zero-day vulnerability that is being actively exploited.
In a security advisory, Google confirms that vulnerability 466192044 is being actively exploited. This is the eighth zero-day that the company has had to patch this year. Details remain under wraps until the majority of users have updated.
LibANGLE library
According to the Chromium bug tracker, the issue occurs in LibANGLE, an open-source library. The bug is a buffer overflow in the Metal renderer caused by an incorrect buffer size calculation. This can lead to memory corruption, crashes, data leaks, or even arbitrary code execution.
The update is available for Chrome Stable on Windows (143.0.7499.109), macOS (143.0.7499.110), and Linux (143.0.7499.109). It may take a few days for everyone to receive the patch, but manual updates are possible via Help > About Google Chrome.
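For administrators who track browser versions across many machines, the following added example (not taken from Google's advisory) checks an inventory against the fixed Stable builds listed above. The `host,platform,version` inventory format, the host names and the sample versions are constructed for illustration.

```python
# Added example: flag Chrome installs older than the fixed Stable builds named in the article.
# The inventory format (host,platform,version) and every row below are constructed sample data.

FIXED = {
    "windows": "143.0.7499.109",
    "macos": "143.0.7499.110",
    "linux": "143.0.7499.109",
}

SAMPLE_INVENTORY = """\
ws-001,windows,143.0.7499.109
ws-002,windows,143.0.7499.41
mac-001,macos,143.0.7499.109
mac-002,macos,143.0.7499.110
lnx-001,linux,142.0.7444.176
lnx-002,linux,144.0.7500.2
kiosk-1,windows,unknown
tab-001,android,143.0.7499.109
"""

def parse_version(text):
    """Return a 4-int tuple for a Chrome version string, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'patched', 'outdated' or 'unknown' for one install."""
    fixed = FIXED.get(platform.strip().lower())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # platform not listed in the article, or unparseable version
    # Compare numerically per component; a string compare would rank ".41" above ".109".
    return "patched" if installed >= parse_version(fixed) else "outdated"

def audit(inventory_text):
    """Map each host to its status from host,platform,version lines."""
    results = {}
    for line in inventory_text.splitlines():
        fields = line.split(",")
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        host, platform, version = fields
        results[host.strip()] = classify(platform, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Note that the macOS threshold is one build higher than the Windows and Linux one, so a Mac reporting 143.0.7499.109 is still flagged as outdated.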
It has been a busy year for Google in terms of zero-days: patches were rolled out in June and September, among other months. Google also advises users to update as soon as possible, especially since Chrome remains an attractive target due to its wide distribution and complex ecosystem. If you do not want to update manually, you can have Chrome check for updates automatically and install them when the browser is restarted.
