What to know

  • Google patched a high-severity Chrome zero-day (bug 466192044), its eighth such fix in 2025, after active exploitation.
  • Apple addressed two WebKit zero-days (CVE-2025-43529, CVE-2025-14174) exploited in sophisticated attacks on specific individuals prior to iOS 26.
  • The flaws were jointly discovered by Apple's security team and Google's Threat Analysis Group.
  • Update immediately to Chrome version 143.0.7499.109 or later and iOS 26.2 to block memory corruption and code execution risks.

Apple and Google have both released software updates to fix security bugs and protect against a targeted hacking campaign.

The key zero-day, tracked as bug 466192044, was first discovered by Apple and then identified by Google's Threat Analysis Group, which mainly tracks government hackers, so there could be a link to government-backed hackers. Attackers exploited the bug for memory corruption, crashes, data leaks, and arbitrary code execution. It is the eighth Chrome zero-day patched this year.

Google rolled out Chrome updates on December 11, 2025, addressing versions before 143.0.7499.109 (Windows and Linux) and 143.0.7499.110 (macOS).

Apple also introduced security updates for a range of its products, including iPhones, iPads, Macs, Vision Pro, Apple TV, Apple Watches, and Safari.

Devices running versions prior to iOS 26 faced the highest risk from these memory-unsafe bugs in Safari's engine. Apple's advisory stresses exploitation against "specific targeted individuals," echoing patterns of spyware like Pegasus from firms such as NSO Group.