Google Chrome Zero-Day Campaign (Internal ID 466192044)

Targeted Sectors

·         General web users

·         Likely targeted espionage operations against high-value targets (e.g., journalists, political dissidents).

Targeted Countries

·         Potentially Global

BLUF

Google has released an emergency patch for a high-severity, actively exploited zero-day vulnerability in the Chrome browser, potentially residing in the ANGLE engine library.

Date of First Reported Activity

·         December 10, 2025

Date of Last Reported Activity Update

·         December 11, 2025

CVEs and CVSS v3.1 Vectors

No CVE assigned yet (tracked by internal bug ID 466192044). Severity is rated as high.

CVEs associated with the Google internal ID are:

CVE-2025-14372

CVSS v3.1

(9.8) AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Nessus plugin ID

·         278157

Is this CVE on the KEV list?

·         No

CVE-2025-14373

CVSS v3.1

(4.3) AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Nessus plugin ID

·         278158

Is this CVE on the KEV list?

·         No

There is also an unnamed CVE that is listed as high severity.

Patching/Mitigation Data

Patch release date

·         December 10-11, 2025

Patch

·         Users are urged to update their Chrome browsers to version 143.0.7158.112 or later immediately.

·         The update process is generally automatic, but manual checks ensure immediate protection.
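
One way to run the manual check across a fleet, as an added example that is not part of the original brief: it classifies reported Chrome versions against the fixed version named above. The inventory format, host names and sample versions are constructed for illustration.

```python
import re

# Fixed version stated in this brief.
FIXED_VERSION = "143.0.7158.112"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part Chrome version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, fixed=FIXED_VERSION):
    """Return 'patched', 'vulnerable', or 'unknown' for one reported version string."""
    found = parse_version(version_text)
    if found is None:
        return "unknown"
    # Compare numerically: as strings, "143.0.7158.99" would sort after "143.0.7158.112".
    return "patched" if found >= parse_version(fixed) else "vulnerable"


def audit(inventory_lines):
    """Map each host to its status from 'host,version output' lines (assumed format)."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        results[host.strip()] = classify(version_text)
    return results


# Constructed sample inventory (hypothetical hosts and versions), not data from the brief.
SAMPLE_INVENTORY = [
    "# host,version output",
    "ws-001,Google Chrome 143.0.7158.112",
    "ws-002,Google Chrome 143.0.7158.99",
    "ws-003,Google Chrome 142.0.7000.10",
    "ws-004,Google Chrome 144.0.7200.1",
    "ws-005,chrome not installed",
]

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parseable version and need a manual check.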

APT Names

·         Not publicly linked, but likely government-sponsored actors or commercial spyware operators.

Associated Criminal Organization Names

·         None specified

IOCs

Not publicly disclosed

Tools Used in Campaign

Custom exploit chain for RCE/sandbox escape.

TTPs

·         T1204.001 (User Execution: Malicious Link) or similar for delivery.

·         Potential for T1068 (Exploitation for Privilege Escalation) or T1203 (Exploitation for Client Execution).

·         T1189 (Drive-by Compromise) possible delivery method.

Malware Name

·         None specified at this time

Suggested Rules / potential hunts

Suricata Rules

None publicly available yet.

SentinelOne Rules

None publicly available yet.

Splunk Hunts

None publicly available yet.

Delivery Method

·         Likely through a malicious website that the user is tricked into visiting

Email Samples

No email samples released to the public.

References

SecurityWeek

·         hxxps://www.securityweek.com/google-patches-mysterious-chrome-zero-day-exploited-in-the-wild

Bitdefender

·         hxxps://www.bitdefender.com/en-us/blog/hotforsecurity/google-chrome-zero-day-dec-11-2025

The Hacker News

·         hxxps://thehackernews.com/2025/12/chrome-targeted-by-active-in-wild.html

CyberNews

·         hxxps://cybernews.com/security/chrome-zero-day-angle-exploit/

Tenable

·         hxxps://www.tenable.com/cve/CVE-2025-24372/plugins

·         hxxps://www.tenable.com/plugins/nessus/278158

·         hxxps://www.tenable.com/plugins/nessus/278157
