Chrome 143.0.7499.109/.110 update: the CVEs and what I’d do next
Browser patches break things. They also stop real attacks, and this one includes a High-severity fix with an exploit in the wild.
Google posted a Stable channel update on December 10, 2025. It moves Windows and macOS to 143.0.7499.109/.110, and Linux to 143.0.7499.109, and Google says the rollout will happen over the coming days and weeks.
What actually changed (not the marketing version)
I’ve watched teams approve “security and stability” updates without reading the CVE list, then scramble when an extension or SSO flow acts weird. So I start with the concrete bits from the release post, then I decide how fast to push.
- Windows and macOS: Update to 143.0.7499.109/.110.
- Linux: Update to 143.0.7499.109.
- Security fixes: The release post lists three fixes total, one High and two Medium.
The security fixes (CVE list you can forward to IT)
Ignore the GitHub commit count. It’s a vanity metric. I care about exploitability, and Google explicitly says one of these has an exploit in the wild.
- CVE-2025-14174 (High): Out of bounds memory access in ANGLE. Google says an exploit exists in the wild.
- CVE-2025-14372 (Medium): Use after free in Password Manager.
- CVE-2025-14373 (Medium): Inappropriate implementation in Toolbar.
If you only read one line: CVE-2025-14174 has an exploit in the wild. That usually means “move sooner than your normal browser patch window.”
Who should upgrade, and how paranoid to be
🔔 Never Miss a Breaking Change
Get weekly release intelligence — breaking changes, security patches, and upgrade guides before they break your build.
✅ You're in! Check your inbox for confirmation.
Depends on how you run Chrome. Home users can just update and relaunch. Enterprises should stage it unless the exploit note changes your risk tolerance.
- Home users: Update as soon as Chrome offers it, then relaunch the browser so the new build actually loads.
- Enterprise fleets: Pilot on a small group first, then roll out in waves. Some folks skip canaries for browser patches. I don’t, but I get it.
- High-risk users (admins, finance, anyone handling sensitive data): Treat this as urgent because of the in-the-wild exploit note.
How to upgrade and verify the exact build
This bit has bitten people. Chrome downloads the update, then sits there until a relaunch, and your “I updated” screenshot still shows the old version.
- Check and update: Open chrome://settings/help and let Chrome download the update.
- Finish the job: Relaunch Chrome when prompted, then re-check the version.
- Verify: Confirm you’re on 143.0.7499.109 or 143.0.7499.110 (Windows/macOS), or 143.0.7499.109 (Linux).
- Enterprise rollouts: Use Chrome Browser Cloud Management or your existing policies to stage and then expand the deployment.
Known issues (what the post says, and what it does not)
The Chrome Releases post does not list known issues for this update. I do not trust “known issues: none” from any project, so keep an eye on extension breakage and weird auth prompts after the relaunch.
Other stuff in this release: the usual.
Official reference
Read the original release post, including the CVE list and rollout note: Chrome Releases blog.