- Google Chrome corrects reading and writing vulnerability in the V8
- It is exploited in nature, so be on your guard
- Chrome usually updates automatically, but it wouldn’t hurt to check
Google has corrected a zero-day vulnerability recently discovered in its Chrome office browser which, according to her, is actively exploited in the wild, so that users must apply the correction as soon as possible.
The bug is described as a vulnerability of reading and writing out of limits present in the V8, followed as CVE-2025-5419, and received a gravity score of 8.8 (high).
V8 is an open source JavaScript engine used mainly in Chrome and Node.js. It has been developed by Google and feeds many key productivity applications today, such as Google Docs or Gmail.
Force update
In theory, a threat actor could create a malicious website that would perform an arbitrary code on the victim’s system during the visit. This could potentially lead to a complete compromise of the system, data theft or deployment of additional malware.
The bug is corrected in version 137.0.7151.68, and users are invited to upgrade immediately. The fixes are available for Windows, MacOS and Linux.
Usually Chrome automatically updates a new launch. However, users can do so manually by sailing to the Chrome menu> Help> On Google ChromeCheck the updates and clicking on the “Relaqueur” button.
The company said that vulnerability was abused in nature, but did not want to share additional details before the majority of chrome browsers were updated, adding that it was: “aware that a feat for CVE-2025-5419 exists in nature.”
“Access to the details of bugs and links can be limited until a majority of users are updated with a fix,” said Google. “We will also keep the restrictions if the bug exists in a third -party library on which other projects also depend, but have not yet corrected.”
This is the third chrome vulnerability up to date zero set in 2025, because two others were corrected in March and May. In 2024, the company set a total of 10 zero-day faults.
Via Bleeping Compompute
