Google has released an emergency security update for Chrome after confirming that a critical zero-day vulnerability is being actively exploited by attackers in the wild.
The vulnerability, tracked as CVE-2025-5419, allows threat actors to execute arbitrary code on victims' systems through out-of-bounds read and write operations in Chrome's V8 JavaScript engine.
The tech giant pushed Chrome version 137.0.7151.68/.69 for Windows and Mac users, and 137.0.7151.68 for Linux systems, with the update rolling out globally over the coming days and weeks.
Google has explicitly stated that "an exploit for CVE-2025-5419 exists in the wild," marking this as a high-priority security issue requiring immediate user attention.
Chrome 0-Day Vulnerability Exploited
CVE-2025-5419 was discovered and reported by Clement Lecigne and Benoît Sevens from Google's Threat Analysis Group on May 27, 2025. The vulnerability stems from memory corruption issues in V8, Chrome's JavaScript and WebAssembly engine, which processes code from websites and web applications.
Out-of-bounds memory access vulnerabilities are particularly dangerous because they can allow attackers to read sensitive data or write malicious code into process memory.
Recognizing the severity of the threat, Google implemented emergency mitigation measures on May 28, 2025, pushing a configuration change across all Chrome platforms to help protect users before the full patch became available.
This rapid response demonstrates the critical nature of the vulnerability and the active threat it poses to Chrome users worldwide.
The security update also addresses a second vulnerability, CVE-2025-5068, a use-after-free flaw in Blink, Chrome's rendering engine. Security researcher Walkman reported this medium-severity vulnerability on April 7, 2025, and it carries a $1,000 bounty reward.
While less critical than the zero-day, use-after-free vulnerabilities can still lead to memory corruption and potential code execution.
Google has maintained its policy of restricting access to detailed vulnerability information until the majority of users have updated their browsers.
This approach prevents malicious actors from reverse-engineering patches to develop new exploits while users remain on vulnerable versions.
The company credits its comprehensive security testing infrastructure for detecting many vulnerabilities before they reach stable releases.
Google employs advanced tools, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL, to identify potential security issues during development.
Chrome users should immediately update their browsers by navigating to Settings > About Chrome, which will automatically download and install the latest version.
Given the active exploitation of CVE-2025-5419, users are strongly advised to treat this update as urgent. Users can verify that their Chrome version is 137.0.7151.68 or higher to confirm protection against these vulnerabilities.
Organizations should prioritize deploying this update across their networks to prevent potential compromise through malicious websites targeting the zero-day vulnerability.
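For organizations checking a fleet rather than a single browser, the version check above can be automated. The following is an added example (not code from the article or from Google) that compares reported Chrome version strings against the fixed build 137.0.7151.68; the host names and version strings in the sample inventory are constructed for illustration.

```python
"""Flag hosts whose Chrome build predates the fix for CVE-2025-5419."""
from typing import Iterable

# Minimum fixed build from the advisory: 137.0.7151.68 (Linux) and
# 137.0.7151.68/.69 (Windows/Mac). Any build >= this tuple contains the fix.
PATCHED_VERSION = (137, 0, 7151, 68)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '137.0.7151.68' into (137, 0, 7151, 68); raise ValueError on junk."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"unexpected Chrome version format: {text!r}")
    return parts


def is_patched(version: str) -> bool:
    """True if this Chrome version includes the CVE-2025-5419 fix.
    Tuple comparison is lexicographic, so 137.0.7151.9 < 137.0.7151.68
    is handled correctly (a plain string compare would get it wrong)."""
    return parse_version(version) >= PATCHED_VERSION


def find_vulnerable(inventory: Iterable[tuple[str, str]]) -> list[str]:
    """Return hosts running a pre-fix build. Hosts whose version cannot be
    parsed are flagged too: an unknown version cannot be proven safe."""
    flagged = []
    for host, version in inventory:
        try:
            if not is_patched(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return flagged


# Constructed sample inventory (host, reported Chrome version); not real data.
SAMPLE_INVENTORY = [
    ("ws-01", "137.0.7151.68"),   # Linux build, patched
    ("ws-02", "137.0.7151.69"),   # Windows/Mac build, patched
    ("ws-03", "137.0.7151.55"),   # same release line, pre-fix build
    ("ws-04", "136.0.7103.114"),  # older release line, vulnerable
    ("ws-05", "138.0.7204.0"),    # newer line, already carries the fix
    ("ws-06", "unknown"),         # agent failed to report, needs review
]

if __name__ == "__main__":
    for host in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{host}: Chrome needs the CVE-2025-5419 update")
```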