New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

Posted on By CWS

Jun 03, 2025Ravie LakshmananBrowser Safety / Vulnerability
Google on Monday launched out-of-band fixes to handle three safety points in its Chrome browser, together with one which it stated has come below energetic exploitation within the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds learn and write vulnerability within the V8 JavaScript and WebAssembly engine.
“Out of bounds learn and write in V8 in Google Chrome previous to 137.0.7151.68 allowed a distant attacker to doubtlessly exploit heap corruption by way of a crafted HTML web page,” reads the outline of the bug on the NIST’s Nationwide Vulnerability Database (NVD).
Google credited Clement Lecigne and Benoît Sevens of Google Menace Evaluation Group (TAG) with discovering and reporting the flaw on Could 27, 2025. It additionally famous that the difficulty was addressed the following day by pushing out a configuration change to the Secure model of the browser throughout all platforms.

As is customary, the advisory is gentle on particulars relating to the character of the assaults leveraging the vulnerability or the id of the menace actors perpetrating them. That is accomplished so to make sure that a majority of customers are up to date with a repair and to forestall different dangerous actors from becoming a member of the exploitation bandwagon.
“Google is conscious that an exploit for CVE-2025-5419 exists within the wild,” the tech big acknowledged.
CVE-2025-5419 is the second actively exploited zero-day to be patched by Google this 12 months after CVE-2025-2783 (CVSS rating: 8.3), which was recognized by Kaspersky as being weaponized in assaults focusing on organizations in Russia.
Customers are advisable to improve to Chrome model 137.0.7151.68/.69 for Home windows and macOS, and model 137.0.7151.68 for Linux to safeguard towards potential threats. Customers of Chromium-based browsers corresponding to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and after they turn out to be obtainable.

Discovered this text attention-grabbing? Observe us on Twitter  and LinkedIn to learn extra unique content material we publish.

The Hacker News Tags:, , , , , , , ,

Related Posts

EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware The Hacker News
ZeroDayRAT Spyware Threatens Android and iOS Security ZeroDayRAT Spyware Threatens Android and iOS Security The Hacker News
Automation Is Redefining Pentest Delivery Automation Is Redefining Pentest Delivery The Hacker News
DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware The Hacker News
How to Advance from SOC Manager to CISO? How to Advance from SOC Manager to CISO? The Hacker News
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells The Hacker News